Search criteria
626 vulnerabilities found for Windows 10 by Microsoft
VAR-202105-1431
Vulnerability from variot - Updated: 2025-12-22 22:58The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. IEEE 802.11 The standard has vulnerabilities related to lack of certification for critical functions.Information may be tampered with. A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586) A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an malicious user to send a fragment under an incorrect key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality. (CVE-2020-24587) A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588) Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP. (CVE-2020-26139) A vulnerability was found in Linux kernel's WiFi implementation. An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. (CVE-2020-26141) A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity. (CVE-2020-26145) A flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel's WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used. The highest threat from this vulnerability is to integrity. (CVE-2020-26147) A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem. (CVE-2020-26541) A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558) A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129) A flaw was found in the Linux kernel's KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-22543) A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399) A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034) The canbus filesystem in the Linux kernel contains an information leak of kernel memory to devices on the CAN bus network link layer. An attacker with the ability to dump messages on the CAN bus is able to learn of uninitialized stack values by dumbing messages on the can bus. (CVE-2021-34693) An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local malicious user to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3506) A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564) A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573) A flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a denial of service can be triggered by a local unprivileged user causing a kernel panic. (CVE-2021-38208). 8) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:4356-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4356 Issue date: 2021-11-09 CVE Names: CVE-2020-0427 CVE-2020-24502 CVE-2020-24503 CVE-2020-24504 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 CVE-2020-26145 CVE-2020-26146 CVE-2020-26147 CVE-2020-27777 CVE-2020-29368 CVE-2020-29660 CVE-2020-36158 CVE-2020-36386 CVE-2021-0129 CVE-2021-3348 CVE-2021-3489 CVE-2021-3564 CVE-2021-3573 CVE-2021-3600 CVE-2021-3635 CVE-2021-3659 CVE-2021-3679 CVE-2021-3732 CVE-2021-20194 CVE-2021-20239 CVE-2021-23133 CVE-2021-28950 CVE-2021-28971 CVE-2021-29155 CVE-2021-29646 CVE-2021-29650 CVE-2021-31440 CVE-2021-31829 CVE-2021-31916 CVE-2021-33200 ==================================================================== 1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64
Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503) * kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504) * kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586) * kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587) * kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588) * kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139) * kernel: accepting plaintext data frames in protected networks (CVE-2020-26140) * kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141) * kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143) * kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144) * kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145) * kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777) * kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660) * kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158) * kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386) * kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129) * kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348) * kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489) * kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564) * kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573) * kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600) * kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679) * kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732) * kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194) * kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133) * kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950) * kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971) * kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155) * kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646) * kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650) * kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440) * kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829) * kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200) * kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146) * kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) * kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635) * kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659) * kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239) * kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)
- Solution:
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1509204 - dlm: Add ability to set SO_MARK on DLM sockets
1793880 - Unreliable RTC synchronization (11-minute mode)
1816493 - [RHEL 8.3] Discard request from mkfs.xfs takes too much time on raid10
1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity
1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
1915825 - Allow falling back to genfscon labeling when the FS doesn't support xattrs and there is a fs_use_xattr rule for it
1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.
1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure
1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers
1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers
1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers
1933527 - Files on cifs mount can get mixed contents when underlying file is removed but inode number is reused, when mounted with 'serverino' and 'cache=strict '
1939341 - CNB: net: add inline function skb_csum_is_sctp
1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c
1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del
1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
1953847 - [ethtool] The NLM_F_MULTI should be used for NLM_F_DUMP
1954588 - RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps.
1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation
1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection
1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys
1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame
1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client
1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks
1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames
1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks
1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header
1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames
1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers
1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments
1960708 - please add CAP_CHECKPOINT_RESTORE to capability.h
1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs
1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails
1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
1965360 - kernel: get_timespec64 does not ignore padding in compat syscalls
1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()
1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c
1971101 - ceph: potential data corruption in cephfs write_begin codepath
1972278 - libceph: allow addrvecs with a single NONE/blank address
1974627 - [TIPC] kernel BUG at lib/list_debug.c:31!
1975182 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer [rhel-8.5.0]
1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
1976679 - blk-mq: fix/improve io scheduler batching dispatch
1976699 - [SCTP]WARNING: CPU: 29 PID: 3165 at mm/page_alloc.c:4579 __alloc_pages_slowpath+0xb74/0xd00
1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
1976969 - XFS: followup to XFS sync to upstream v5.10 (re BZ1937116)
1977162 - [XDP] test program warning: libbpf: elf: skipping unrecognized data section(16) .eh_frame
1977422 - Missing backport of IMA boot aggregate calculation in rhel 8.4 kernel
1977537 - RHEL8.5: Update the kernel workqueue code to v5.12 level
1977850 - geneve virtual devices lack the NETIF_F_FRAGLIST feature
1978369 - dm writecache: sync with upstream 5.14
1979070 - Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?)
1979680 - Backport openvswitch tracepoints
1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod
1986138 - Lockd invalid cast to nlm_lockowner
1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty()
1989999 - ceph omnibus backport for RHEL-8.5.0
1991976 - block: fix New warning in nvme_setup_discard
1992700 - blk-mq: fix kernel panic when iterating over flush request
1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files
1996854 - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: kernel-4.18.0-348.el8.src.rpm
aarch64: bpftool-4.18.0-348.el8.aarch64.rpm bpftool-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-4.18.0-348.el8.aarch64.rpm kernel-core-4.18.0-348.el8.aarch64.rpm kernel-cross-headers-4.18.0-348.el8.aarch64.rpm kernel-debug-4.18.0-348.el8.aarch64.rpm kernel-debug-core-4.18.0-348.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debug-devel-4.18.0-348.el8.aarch64.rpm kernel-debug-modules-4.18.0-348.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm kernel-devel-4.18.0-348.el8.aarch64.rpm kernel-headers-4.18.0-348.el8.aarch64.rpm kernel-modules-4.18.0-348.el8.aarch64.rpm kernel-modules-extra-4.18.0-348.el8.aarch64.rpm kernel-tools-4.18.0-348.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-tools-libs-4.18.0-348.el8.aarch64.rpm perf-4.18.0-348.el8.aarch64.rpm perf-debuginfo-4.18.0-348.el8.aarch64.rpm python3-perf-4.18.0-348.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm
noarch: kernel-abi-stablelists-4.18.0-348.el8.noarch.rpm kernel-doc-4.18.0-348.el8.noarch.rpm
ppc64le: bpftool-4.18.0-348.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-4.18.0-348.el8.ppc64le.rpm kernel-core-4.18.0-348.el8.ppc64le.rpm kernel-cross-headers-4.18.0-348.el8.ppc64le.rpm kernel-debug-4.18.0-348.el8.ppc64le.rpm kernel-debug-core-4.18.0-348.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debug-devel-4.18.0-348.el8.ppc64le.rpm kernel-debug-modules-4.18.0-348.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm kernel-devel-4.18.0-348.el8.ppc64le.rpm kernel-headers-4.18.0-348.el8.ppc64le.rpm kernel-modules-4.18.0-348.el8.ppc64le.rpm kernel-modules-extra-4.18.0-348.el8.ppc64le.rpm kernel-tools-4.18.0-348.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-tools-libs-4.18.0-348.el8.ppc64le.rpm perf-4.18.0-348.el8.ppc64le.rpm perf-debuginfo-4.18.0-348.el8.ppc64le.rpm python3-perf-4.18.0-348.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm
s390x: bpftool-4.18.0-348.el8.s390x.rpm bpftool-debuginfo-4.18.0-348.el8.s390x.rpm kernel-4.18.0-348.el8.s390x.rpm kernel-core-4.18.0-348.el8.s390x.rpm kernel-cross-headers-4.18.0-348.el8.s390x.rpm kernel-debug-4.18.0-348.el8.s390x.rpm kernel-debug-core-4.18.0-348.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-348.el8.s390x.rpm kernel-debug-devel-4.18.0-348.el8.s390x.rpm kernel-debug-modules-4.18.0-348.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-348.el8.s390x.rpm kernel-debuginfo-4.18.0-348.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-348.el8.s390x.rpm kernel-devel-4.18.0-348.el8.s390x.rpm kernel-headers-4.18.0-348.el8.s390x.rpm kernel-modules-4.18.0-348.el8.s390x.rpm kernel-modules-extra-4.18.0-348.el8.s390x.rpm kernel-tools-4.18.0-348.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-348.el8.s390x.rpm perf-4.18.0-348.el8.s390x.rpm perf-debuginfo-4.18.0-348.el8.s390x.rpm python3-perf-4.18.0-348.el8.s390x.rpm python3-perf-debuginfo-4.18.0-348.el8.s390x.rpm
x86_64: bpftool-4.18.0-348.el8.x86_64.rpm bpftool-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-4.18.0-348.el8.x86_64.rpm kernel-core-4.18.0-348.el8.x86_64.rpm kernel-cross-headers-4.18.0-348.el8.x86_64.rpm kernel-debug-4.18.0-348.el8.x86_64.rpm kernel-debug-core-4.18.0-348.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debug-devel-4.18.0-348.el8.x86_64.rpm kernel-debug-modules-4.18.0-348.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm kernel-devel-4.18.0-348.el8.x86_64.rpm kernel-headers-4.18.0-348.el8.x86_64.rpm kernel-modules-4.18.0-348.el8.x86_64.rpm kernel-modules-extra-4.18.0-348.el8.x86_64.rpm kernel-tools-4.18.0-348.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-tools-libs-4.18.0-348.el8.x86_64.rpm perf-4.18.0-348.el8.x86_64.rpm perf-debuginfo-4.18.0-348.el8.x86_64.rpm python3-perf-4.18.0-348.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: bpftool-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-348.el8.aarch64.rpm perf-debuginfo-4.18.0-348.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm
ppc64le: bpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-348.el8.ppc64le.rpm perf-debuginfo-4.18.0-348.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm
x86_64: bpftool-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-348.el8.x86_64.rpm perf-debuginfo-4.18.0-348.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdRdzjgjWX9erEAQhs0w//as9X4T+FCf3TAbcNIStxlOK6fbJoAlST FrgNJnRH3RmT+VxRSLWZcsJQf78kudeJWtMezbGSVREfhCMBCGhKZ7mvVp5P7J8l bobmdaap3hqkPqq66VuKxGuS+6j0rXXgGQH034yzoX+L/lx6KV9qdAnZZO+7kWcy SfX0GkLg0ARDMfsoUKwVmeUeNLhPlJ4ZH2rBdZ4FhjyEAG/5yL9JwU/VNReWHjhW HgarTuSnFR3vLQDKyjMIEEiBPOI162hS2j3Ba/A/1hJ70HOjloJnd0eWYGxSuIfC DRrzlacFNAzBPZsbRFi1plXrHh5LtNoBBWjl+xyb6jRsB8eXgS+WhzUhOXGUv01E lJTwFy5Kz71d+cAhRXgmz5gVgWuoNJw8AEImefWcy4n0EEK55vdFe0Sl7BfZiwpD Jhx97He6OurNnLrYyJJ0+TsU1L33794Ag2AJZnN1PLFUyrKKNlD1ZWtdsJg99klK dQteUTnnUhgDG5Tqulf0wX19BEkLd/O6CRyGueJcV4h4PFpSoWOh5Yy/BlokFzc8 zf14PjuVueIodaIUXtK+70Zmw7tg09Dx5Asyfuk5hWFPYv856nHlDn7PT724CU8v 1cp96h1IjLR6cF17NO2JCcbU0XZEW+aCkGkPcsY8DhBmaZqxUxXObvTD80Mm7EvN +PuV5cms0sE=2UUA -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4997-2 June 25, 2021
linux-kvm vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04.
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. (CVE-2020-24588)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133)
Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. (CVE-2021-23134)
Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code. (CVE-2021-31440)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). An attacker could use this issue to possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3506)
Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. (CVE-2021-3543)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: linux-image-5.11.0-1009-kvm 5.11.0-1009.9 linux-image-kvm 5.11.0.1009.9
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-4997-2 https://ubuntu.com/security/notices/USN-4997-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609
Package Information: https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9
. Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert FluentdNodeDown always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1431",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "meraki mr12",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.193"
},
{
"model": "c-75",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "meraki mx67cw",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1852",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "proset wi-fi 6 ax200",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "aironet 1542i",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr33",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-200",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "catalyst 9105",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "proset wireless 7265 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.12"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "1109-4p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-235",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "ac 9560",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.271"
},
{
"model": "webex room 55",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w721-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "webex dx80",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr42",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "20h2"
},
{
"model": "proset wi-fi 6e ax210",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "meraki mr55",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-260",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "proset ac 9260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "catalyst 9130axe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "ir829gw-lte-ga-zk9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex dx70",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1832",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr36",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-110",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "aironet 1810",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr44",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9120",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet ap803",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "scalance w1748-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "meraki mr20",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr70",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "w-68",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "killer wi-fi 6e ax1675",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "proset ac 3168",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "meraki mx68cw",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "proset ac 9461",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "webex board 85s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex room 70 dual",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "killer ac 1550",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "catalyst 9120 ap",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w722-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "meraki mx65w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1810w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9105axw",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "proset ac 8260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "meraki mr53",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w1788-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "c-230",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "meraki mr45",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows rt 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "meraki mr84",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr76",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr86",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-130",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.19"
},
{
"model": "w-118",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "ir829gw-lte-vz-ak9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "1100-8p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex board 55s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829-2lte-ea-ak9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2004"
},
{
"model": "proset ac 9462",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.10"
},
{
"model": "ip phone 6861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9130axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9120axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mx67w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w786-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w788-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance wam763-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1809"
},
{
"model": "scalance w761-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "ac 8265",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "scalance w774-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "catalyst 9124axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex room kit mini",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "proset ac 9560",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "catalyst 9124axd",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki z3c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ac 9260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "aironet iw3702",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.124"
},
{
"model": "meraki mr34",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.12.9"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "scalance w738-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "catalyst 9120axp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki gr60",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr26",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "1101-4p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr72",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-65",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "wi-fi 6 ax201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "scalance w778-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "webex room 70 dual g2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9115axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "mac80211",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.0"
},
{
"model": "meraki mr62",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mx68w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "wi-fi 6 ax200",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.14"
},
{
"model": "c-100",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "ir829-2lte-ea-bk9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829gw-lte-na-ak9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9124",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9117axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9105axi",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1842",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829gw-lte-ga-ek9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8865",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9117 ap",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr46",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance wum766-1 6ghz",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w748-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "aironet 1815i",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr32",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex room 70 single g2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1815",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.4"
},
{
"model": "meraki mr74",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829gw-lte-ga-ck9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8832",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr46e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex room 70 single",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9117",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.42"
},
{
"model": "meraki mr53e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex room 55 dual",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9130",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "1100",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance wum766-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w788-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "c-120",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "proset ac 3165",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "scalance w1788-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "meraki gr10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1909"
},
{
"model": "killer wi-fi 6 ax1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "webex room 70",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829-2lte-ea-ek9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9120axe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "webex board 70s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ir829gw-lte-ga-sk9",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8821",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w786-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "proset ac 8265",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "802.11",
"scope": "eq",
"trust": 1.0,
"vendor": "ieee",
"version": "*"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.0"
},
{
"model": "aironet 1800i",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr30h",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.235"
},
{
"model": "webex board 55",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows 7",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "aironet 1800",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mx64w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "webex room kit",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9115axe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.271"
},
{
"model": "meraki mr52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr42e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "c-250",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "aironet 1532",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance wum763-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "proset wi-fi 6 ax201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "webex board 70",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance wam766-1 6ghz",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "1100-4p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "o-105",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "scalance wam766-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "aironet 1542d",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2004"
},
{
"model": "catalyst 9130 ap",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ac 8260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "scalance w786-2ia",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "catalyst 9115",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "1109-2p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr66",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "scalance w1788-2ia",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w734-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "meraki z3",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "meraki mr56",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 9115 ap",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "o-90",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": null
},
{
"model": "microsoft windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "802.11",
"scope": null,
"trust": 0.8,
"vendor": "ieee",
"version": null
},
{
"model": "microsoft windows 7",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "mac80211",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "microsoft windows server 2016",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft windows 10",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "aterm",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "microsoft windows 8.1",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft windows server 2019",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft windows server 2008",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "nec ai accelerator",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "microsoft windows server 2012",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
}
],
"trust": 0.6
},
"cve": "CVE-2020-24588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2020-24588",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2020-24588",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-24588",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24588",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2020-24588",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-633",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-24588",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. IEEE 802.11 The standard has vulnerabilities related to lack of certification for critical functions.Information may be tampered with. A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586)\nA flaw was found in the Linux kernel\u0027s WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an malicious user to send a fragment under an incorrect key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality. (CVE-2020-24587)\nA flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588)\nFrames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP. (CVE-2020-26139)\nA vulnerability was found in Linux kernel\u0027s WiFi implementation. An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. (CVE-2020-26141)\nA flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity. (CVE-2020-26145)\nA flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel\u0027s WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used. The highest threat from this vulnerability is to integrity. (CVE-2020-26147)\nA flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem. (CVE-2020-26541)\nA vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558)\nA flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129)\nA flaw was found in the Linux kernel\u0027s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-22543)\nA flaw was found in the Linux kernel\u0027s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)\nA use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)\nThe canbus filesystem in the Linux kernel contains an information leak of kernel memory to devices on the CAN bus network link layer. An attacker with the ability to dump messages on the CAN bus is able to learn of uninitialized stack values by dumbing messages on the can bus. (CVE-2021-34693)\nAn out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local malicious user to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3506)\nA flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564)\nA flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)\nA flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a denial of service can be triggered by a local unprivileged user causing a kernel panic. (CVE-2021-38208). 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: kernel security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4356-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4356\nIssue date: 2021-11-09\nCVE Names: CVE-2020-0427 CVE-2020-24502 CVE-2020-24503\n CVE-2020-24504 CVE-2020-24586 CVE-2020-24587\n CVE-2020-24588 CVE-2020-26139 CVE-2020-26140\n CVE-2020-26141 CVE-2020-26143 CVE-2020-26144\n CVE-2020-26145 CVE-2020-26146 CVE-2020-26147\n CVE-2020-27777 CVE-2020-29368 CVE-2020-29660\n CVE-2020-36158 CVE-2020-36386 CVE-2021-0129\n CVE-2021-3348 CVE-2021-3489 CVE-2021-3564\n CVE-2021-3573 CVE-2021-3600 CVE-2021-3635\n CVE-2021-3659 CVE-2021-3679 CVE-2021-3732\n CVE-2021-20194 CVE-2021-20239 CVE-2021-23133\n CVE-2021-28950 CVE-2021-28971 CVE-2021-29155\n CVE-2021-29646 CVE-2021-29650 CVE-2021-31440\n CVE-2021-31829 CVE-2021-31916 CVE-2021-33200\n====================================================================\n1. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64\n\n3. \n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter\ndrivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810\nAdapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810\nAdapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys\n(CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame\n(CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client\n(CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks\n(CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks\n(CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042\nheader (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames\n(CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity\n(CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a\nread-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a\nlong SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()\n(CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure\nvulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c\n(CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation\n(CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device\ninitialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can\nreveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()\n(CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually\nfinds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in\narch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory\n(CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in\nnet/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs\n(CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer\narithmetic can be bypassed to leak content of kernel memory\n(CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits\nfor pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet\nnumbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write\naccess because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at\nlib/list_debug.c:50 (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in\nnet/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information\nDisclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c\n(CVE-2021-31916)\n\n4. Solution:\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1509204 - dlm: Add ability to set SO_MARK on DLM sockets\n1793880 - Unreliable RTC synchronization (11-minute mode)\n1816493 - [RHEL 8.3] Discard request from mkfs.xfs takes too much time on raid10\n1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity\n1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check\n1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free\n1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()\n1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value\n1915825 - Allow falling back to genfscon labeling when the FS doesn\u0027t support xattrs and there is a fs_use_xattr rule for it\n1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. \n1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c\n1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure\n1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers\n1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers\n1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers\n1933527 - Files on cifs mount can get mixed contents when underlying file is removed but inode number is reused, when mounted with \u0027serverino\u0027 and \u0027cache=strict \u0027\n1939341 - CNB: net: add inline function skb_csum_is_sctp\n1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c\n1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c\n1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS\n1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c\n1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del\n1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory\n1953847 - [ethtool] The `NLM_F_MULTI` should be used for `NLM_F_DUMP`\n1954588 - RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. \n1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory\n1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation\n1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection\n1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys\n1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame\n1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client\n1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks\n1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames\n1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks\n1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header\n1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames\n1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers\n1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments\n1960708 - please add CAP_CHECKPOINT_RESTORE to capability.h\n1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs\n1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails\n1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability. \n1965360 - kernel: get_timespec64 does not ignore padding in compat syscalls\n1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier\n1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()\n1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n1971101 - ceph: potential data corruption in cephfs write_begin codepath\n1972278 - libceph: allow addrvecs with a single NONE/blank address\n1974627 - [TIPC] kernel BUG at lib/list_debug.c:31!\n1975182 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer [rhel-8.5.0]\n1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c\n1976679 - blk-mq: fix/improve io scheduler batching dispatch\n1976699 - [SCTP]WARNING: CPU: 29 PID: 3165 at mm/page_alloc.c:4579 __alloc_pages_slowpath+0xb74/0xd00\n1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50\n1976969 - XFS: followup to XFS sync to upstream v5.10 (re BZ1937116)\n1977162 - [XDP] test program warning: libbpf: elf: skipping unrecognized data section(16) .eh_frame\n1977422 - Missing backport of IMA boot aggregate calculation in rhel 8.4 kernel\n1977537 - RHEL8.5: Update the kernel workqueue code to v5.12 level\n1977850 - geneve virtual devices lack the NETIF_F_FRAGLIST feature\n1978369 - dm writecache: sync with upstream 5.14\n1979070 - Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?)\n1979680 - Backport openvswitch tracepoints\n1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod\n1986138 - Lockd invalid cast to nlm_lockowner\n1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty()\n1989999 - ceph omnibus backport for RHEL-8.5.0\n1991976 - block: fix New warning in nvme_setup_discard\n1992700 - blk-mq: fix kernel panic when iterating over flush request\n1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n1996854 - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nkernel-4.18.0-348.el8.src.rpm\n\naarch64:\nbpftool-4.18.0-348.el8.aarch64.rpm\nbpftool-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-4.18.0-348.el8.aarch64.rpm\nkernel-core-4.18.0-348.el8.aarch64.rpm\nkernel-cross-headers-4.18.0-348.el8.aarch64.rpm\nkernel-debug-4.18.0-348.el8.aarch64.rpm\nkernel-debug-core-4.18.0-348.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debug-devel-4.18.0-348.el8.aarch64.rpm\nkernel-debug-modules-4.18.0-348.el8.aarch64.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm\nkernel-devel-4.18.0-348.el8.aarch64.rpm\nkernel-headers-4.18.0-348.el8.aarch64.rpm\nkernel-modules-4.18.0-348.el8.aarch64.rpm\nkernel-modules-extra-4.18.0-348.el8.aarch64.rpm\nkernel-tools-4.18.0-348.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-tools-libs-4.18.0-348.el8.aarch64.rpm\nperf-4.18.0-348.el8.aarch64.rpm\nperf-debuginfo-4.18.0-348.el8.aarch64.rpm\npython3-perf-4.18.0-348.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm\n\nnoarch:\nkernel-abi-stablelists-4.18.0-348.el8.noarch.rpm\nkernel-doc-4.18.0-348.el8.noarch.rpm\n\nppc64le:\nbpftool-4.18.0-348.el8.ppc64le.rpm\nbpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-4.18.0-348.el8.ppc64le.rpm\nkernel-core-4.18.0-348.el8.ppc64le.rpm\nkernel-cross-headers-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-core-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-devel-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-modules-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm\nkernel-devel-4.18.0-348.el8.ppc64le.rpm\nkernel-headers-4.18.0-348.el8.ppc64le.rpm\nkernel-modules-4.18.0-348.el8.ppc64le.rpm\nkernel-modules-extra-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-libs-4.18.0-348.el8.ppc64le.rpm\nperf-4.18.0-348.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-348.el8.ppc64le.rpm\npython3-perf-4.18.0-348.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm\n\ns390x:\nbpftool-4.18.0-348.el8.s390x.rpm\nbpftool-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-4.18.0-348.el8.s390x.rpm\nkernel-core-4.18.0-348.el8.s390x.rpm\nkernel-cross-headers-4.18.0-348.el8.s390x.rpm\nkernel-debug-4.18.0-348.el8.s390x.rpm\nkernel-debug-core-4.18.0-348.el8.s390x.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-debug-devel-4.18.0-348.el8.s390x.rpm\nkernel-debug-modules-4.18.0-348.el8.s390x.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.s390x.rpm\nkernel-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-debuginfo-common-s390x-4.18.0-348.el8.s390x.rpm\nkernel-devel-4.18.0-348.el8.s390x.rpm\nkernel-headers-4.18.0-348.el8.s390x.rpm\nkernel-modules-4.18.0-348.el8.s390x.rpm\nkernel-modules-extra-4.18.0-348.el8.s390x.rpm\nkernel-tools-4.18.0-348.el8.s390x.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-core-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-devel-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-modules-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-modules-extra-4.18.0-348.el8.s390x.rpm\nperf-4.18.0-348.el8.s390x.rpm\nperf-debuginfo-4.18.0-348.el8.s390x.rpm\npython3-perf-4.18.0-348.el8.s390x.rpm\npython3-perf-debuginfo-4.18.0-348.el8.s390x.rpm\n\nx86_64:\nbpftool-4.18.0-348.el8.x86_64.rpm\nbpftool-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-4.18.0-348.el8.x86_64.rpm\nkernel-core-4.18.0-348.el8.x86_64.rpm\nkernel-cross-headers-4.18.0-348.el8.x86_64.rpm\nkernel-debug-4.18.0-348.el8.x86_64.rpm\nkernel-debug-core-4.18.0-348.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debug-devel-4.18.0-348.el8.x86_64.rpm\nkernel-debug-modules-4.18.0-348.el8.x86_64.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm\nkernel-devel-4.18.0-348.el8.x86_64.rpm\nkernel-headers-4.18.0-348.el8.x86_64.rpm\nkernel-modules-4.18.0-348.el8.x86_64.rpm\nkernel-modules-extra-4.18.0-348.el8.x86_64.rpm\nkernel-tools-4.18.0-348.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-tools-libs-4.18.0-348.el8.x86_64.rpm\nperf-4.18.0-348.el8.x86_64.rpm\nperf-debuginfo-4.18.0-348.el8.x86_64.rpm\npython3-perf-4.18.0-348.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\nbpftool-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.aarch64.rpm\nperf-debuginfo-4.18.0-348.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm\n\nppc64le:\nbpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-348.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.x86_64.rpm\nperf-debuginfo-4.18.0-348.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdRdzjgjWX9erEAQhs0w//as9X4T+FCf3TAbcNIStxlOK6fbJoAlST\nFrgNJnRH3RmT+VxRSLWZcsJQf78kudeJWtMezbGSVREfhCMBCGhKZ7mvVp5P7J8l\nbobmdaap3hqkPqq66VuKxGuS+6j0rXXgGQH034yzoX+L/lx6KV9qdAnZZO+7kWcy\nSfX0GkLg0ARDMfsoUKwVmeUeNLhPlJ4ZH2rBdZ4FhjyEAG/5yL9JwU/VNReWHjhW\nHgarTuSnFR3vLQDKyjMIEEiBPOI162hS2j3Ba/A/1hJ70HOjloJnd0eWYGxSuIfC\nDRrzlacFNAzBPZsbRFi1plXrHh5LtNoBBWjl+xyb6jRsB8eXgS+WhzUhOXGUv01E\nlJTwFy5Kz71d+cAhRXgmz5gVgWuoNJw8AEImefWcy4n0EEK55vdFe0Sl7BfZiwpD\nJhx97He6OurNnLrYyJJ0+TsU1L33794Ag2AJZnN1PLFUyrKKNlD1ZWtdsJg99klK\ndQteUTnnUhgDG5Tqulf0wX19BEkLd/O6CRyGueJcV4h4PFpSoWOh5Yy/BlokFzc8\nzf14PjuVueIodaIUXtK+70Zmw7tg09Dx5Asyfuk5hWFPYv856nHlDn7PT724CU8v\n1cp96h1IjLR6cF17NO2JCcbU0XZEW+aCkGkPcsY8DhBmaZqxUxXObvTD80Mm7EvN\n+PuV5cms0sE=2UUA\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4997-2\nJune 25, 2021\n\nlinux-kvm vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \nThis update provides the corresponding updates for the Linux KVM\nkernel for Ubuntu 21.04. \n\nNorbert Slusarek discovered a race condition in the CAN BCM networking\nprotocol of the Linux kernel leading to multiple use-after-free\nvulnerabilities. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-3609)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly enforce limits for pointer operations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-33200)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled certain malformed frames. If a user were tricked into\nconnecting to a malicious server, a physically proximate attacker could use\nthis issue to inject packets. (CVE-2020-24588)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly verify certain fragmented frames. A physically proximate\nattacker could possibly use this issue to inject or decrypt packets. A physically proximate\nattacker could use this issue to inject packets. (CVE-2020-26145)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-23133)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. (CVE-2021-23134)\n\nManfred Paul discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel contained an out-of-bounds\nvulnerability. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-31440)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly prevent speculative loads in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). An attacker could use this\nissue to possibly execute arbitrary code. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-3506)\n\nMathias Krause discovered that a null pointer dereference existed in the\nNitro Enclaves kernel driver of the Linux kernel. (CVE-2021-3543)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n linux-image-5.11.0-1009-kvm 5.11.0-1009.9\n linux-image-kvm 5.11.0.1009.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-4997-2\n https://ubuntu.com/security/notices/USN-4997-1\n CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139,\n CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133,\n CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399,\n CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543,\n CVE-2021-3609\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9\n\n. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24588"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "PACKETSTORM",
"id": "164875"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "164837"
},
{
"db": "PACKETSTORM",
"id": "163255"
},
{
"db": "PACKETSTORM",
"id": "163291"
},
{
"db": "PACKETSTORM",
"id": "163301"
},
{
"db": "PACKETSTORM",
"id": "164967"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24588",
"trust": 4.0
},
{
"db": "SIEMENS",
"id": "SSA-913875",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/11/12",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU93485736",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-102-04",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164875",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163291",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.2409",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2876",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2509",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3825",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2079",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0995",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2249",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1587",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1715",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2216",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1628",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051814",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051920",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051715",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041319",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031521",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051227",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100407",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051118",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163249",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-104-04",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-236-01",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-57316",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-61212",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24588",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163255",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163301",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164967",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "PACKETSTORM",
"id": "164875"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "164837"
},
{
"db": "PACKETSTORM",
"id": "163255"
},
{
"db": "PACKETSTORM",
"id": "163291"
},
{
"db": "PACKETSTORM",
"id": "163301"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"id": "VAR-202105-1431",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3638431
},
"last_update_date": "2025-12-22T22:58:52.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page NEC NEC Product security information",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"title": "Microsoft Windows Wireless Networking Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=151563"
},
{
"title": "Red Hat: CVE-2020-24588",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2020-24588"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-24588 log"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-004"
},
{
"title": "Cisco: Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-wifi-faf-22epcEWu"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.10-2022-002"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2020-24588 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/kali973/fragAttacks "
},
{
"title": "fragattacks",
"trust": 0.1,
"url": "https://github.com/vanhoefm/fragattacks "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-wifi-faf-22epcewu"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24588"
},
{
"trust": 1.7,
"url": "https://www.fragattacks.com"
},
{
"trust": 1.7,
"url": "https://github.com/vanhoefm/fragattacks/blob/master/summary.md"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu93485736/"
},
{
"trust": 0.6,
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-61212"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051227"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051920"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2216"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2876"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-10-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0995"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1628"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3825"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-04"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-102-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2368"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100407"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-24588"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0845"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051715"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051814"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wi-fi-devices-multiple-vulnerabilities-via-fragattacks-35386"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2509"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051118"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163291/ubuntu-security-notice-usn-5000-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164875/red-hat-security-advisory-2021-4140-02.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2249"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2409"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041319"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163249/ubuntu-security-notice-usn-4997-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1587"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-57316"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202111-0000001218088197"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2079"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2290"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20210513-01-fragattacks-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1715"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031521"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26147"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24586"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26145"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23133"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24587"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26141"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26139"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3506"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26144"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24504"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20239"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20194"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26143"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29368"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26140"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36386"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28971"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36158"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26146"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31440"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31829"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-24588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-04"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alaskernel-5.4-2022-004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5137"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5001-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1033.34"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5000-2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5000-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1041.42"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4997-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4997-2"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4627"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "PACKETSTORM",
"id": "164875"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "164837"
},
{
"db": "PACKETSTORM",
"id": "163255"
},
{
"db": "PACKETSTORM",
"id": "163291"
},
{
"db": "PACKETSTORM",
"id": "163301"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"db": "PACKETSTORM",
"id": "164875"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "164837"
},
{
"db": "PACKETSTORM",
"id": "163255"
},
{
"db": "PACKETSTORM",
"id": "163291"
},
{
"db": "PACKETSTORM",
"id": "163301"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"date": "2021-11-10T17:10:23",
"db": "PACKETSTORM",
"id": "164875"
},
{
"date": "2021-12-15T15:27:05",
"db": "PACKETSTORM",
"id": "165296"
},
{
"date": "2021-11-10T17:04:39",
"db": "PACKETSTORM",
"id": "164837"
},
{
"date": "2021-06-23T15:41:26",
"db": "PACKETSTORM",
"id": "163255"
},
{
"date": "2021-06-27T12:22:22",
"db": "PACKETSTORM",
"id": "163291"
},
{
"date": "2021-06-28T16:22:26",
"db": "PACKETSTORM",
"id": "163301"
},
{
"date": "2021-11-15T17:25:56",
"db": "PACKETSTORM",
"id": "164967"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"date": "2021-05-11T20:15:08.613000",
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24588"
},
{
"date": "2023-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-633"
},
{
"date": "2024-02-27T02:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-006877"
},
{
"date": "2023-04-01T22:15:08.467000",
"db": "NVD",
"id": "CVE-2020-24588"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IEEE\u00a0802.11\u00a0 Vulnerabilities related to lack of certification for critical functions in standards",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006877"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-633"
}
],
"trust": 0.6
}
}
VAR-201805-0963
Vulnerability from variot - Updated: 2025-12-22 21:34Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities.
For the stable distribution (stretch), these problems have been fixed in version 3.20180703.2~deb9u1.
We recommend that you upgrade your intel-microcode packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2018:1656-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1656 Issue date: 2018-05-21 CVE Names: CVE-2018-3639 =====================================================================
- Summary:
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
- Description:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
- An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)
Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
- Package List:
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: qemu-kvm-0.12.1.2-2.355.el6_4.11.src.rpm
x86_64: qemu-guest-agent-0.12.1.2-2.355.el6_4.11.x86_64.rpm qemu-img-0.12.1.2-2.355.el6_4.11.x86_64.rpm qemu-kvm-0.12.1.2-2.355.el6_4.11.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.355.el6_4.11.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
x86_64: qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.11.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBWwQw/NzjgjWX9erEAQibHhAAnQB3w7HZPsbJL4CZmQ6RiV2jFetYREs4 3uKesj4cIVIg5J1LtGU7sr8HW6dObPGoaqUcTtufUJRGYeQ0K70HJBdnQp7uzG7E 8xR4IjPcYYlPXQKTkFSVRhSi70UMljLMrNKkSK0bx5SSTr6n9EDbgJ2NqqIUa/Se ltBHixPaMZsGF039djGCmTaeqzApL54KxbRS7ypC5FI2nM6CmGNpSTzL7g30lgVu ryb4IrmG6OeujXA6WYMRjR7/ELfZ/APQFBnZwY4SnBlO544mu6WT7dh2fqnOqZy4 7vfXvhw/S7BqhBW+YTh9dp+KKXaeU/GhIrdTtJ7G5eF2QC0wZp1NxHhq7CMN/ROE sj12U4EEZwn0/J+/DZu8eoXsDu8vA1u4JYr0fhDKlnGL1grkfHyzS83isTrelPkr Rug5Efss9YNrUlPJIjcvPRmGOBEwHev73PYGRbEq/T0BeLKK9w3aXJX35hfoSaCU yNCkR06oH4q8mvK1kIvwOdkZOiPhezYDz91PsCZ9W7TO0meOyb1OVSL3z5KfsnhT 95g3HETNqfAkzO4kh/CG63mlkdWpwU1r4+SnzV88iZcqZIR8d47Iy/2SwZhISIzu 0b3T1Jh1Tp3TlhX86gJa0GpzlpAz3Hs0vuULuSnQz02K7B6V56R/rRe+1IsqZR3H QDFk7cwzswg= =J81W -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012) , Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)
afpserver Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley Entry added October 30, 2018
App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
AppleGraphicsControl Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Application Firewall Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A configuration issue was addressed with additional restrictions. CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
APR Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT Entry added October 30, 2018
ATS Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
ATS Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) Entry added October 30, 2018
Auto Unlock Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
CoreFoundation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreFoundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018
Crash Reporter Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad
CUPS Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch Entry added October 30, 2018
CUPS Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Entry added October 30, 2018
Dictionary Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Entry added October 30, 2018
Grand Central Dispatch Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018
Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Entry added October 30, 2018
iBooks Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018
Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Entry added October 30, 2018
Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America Entry added October 30, 2018
Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Entry added October 30, 2018
IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018
IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018
Kernel Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018
Kernel Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018
Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
LibreSSL Impact: Multiple issues in libressl were addressed in this update Description: Multiple issues were addressed by updating to libressl version 2.6.4. CVE-2015-3194 CVE-2015-5333 CVE-2015-5334 CVE-2016-702 Entry added October 30, 2018
Login Window Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Entry added October 30, 2018
mDNSOffloadUserClient Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018
MediaRemote Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) Entry added October 30, 2018
Security Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018
Security Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
Spotlight Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Entry added October 30, 2018
Symptom Framework Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Text Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018
Wi-Fi Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Additional recognition
Accessibility Framework We would like to acknowledge Ryan Govostes for their assistance.
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
CoreDAV We would like to acknowledge an anonymous researcher for their assistance.
CoreGraphics We would like to acknowledge Nitin Arya of Roblox Corporation for their assistance.
CoreSymbolication We would like to acknowledge Brandon Azad for their assistance.
IOUSBHostFamily We would like to acknowledge an anonymous researcher for their assistance.
Kernel We would like to acknowledge Brandon Azad for their assistance.
Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek A>>A3Akiewski for their assistance.
Quick Look We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing and Patrick Wardle of Digita Security and lokihardt of Google Project Zero for their assistance.
Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Terminal We would like to acknowledge an anonymous researcher for their assistance.
WindowServer We would like to acknowledge Patrick Wardle of Digita Security for their assistance.
Installation note:
macOS Mojave 10.14 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/ rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST 1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu 1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k= =i9YR -----END PGP SIGNATURE----- . Description:
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Description:
The org.ovirt.engine-root is a core component of oVirt. 5 ELS) - i386, noarch, s390x, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. Description:
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.
Software Description: - intel-microcode: Processor microcode for Intel CPUs
Details:
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). This vulnerability is also known as Rogue System Register Read (RSRE). ========================================================================== Ubuntu Security Notice USN-3655-1 May 22, 2018
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were addressed in the Linux kernel. (CVE-2018-3639)
Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134)
It was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220)
It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. (CVE-2017-13305)
It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. (CVE-2017-17449)
It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079)
It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)
It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)
It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)
Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221)
Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.13.0-149-generic 3.13.0-149.199 linux-image-3.13.0-149-generic-lpae 3.13.0-149.199 linux-image-3.13.0-149-lowlatency 3.13.0-149.199 linux-image-3.13.0-149-powerpc-e500 3.13.0-149.199 linux-image-3.13.0-149-powerpc-e500mc 3.13.0-149.199 linux-image-3.13.0-149-powerpc-smp 3.13.0-149.199 linux-image-3.13.0-149-powerpc64-emb 3.13.0-149.199 linux-image-3.13.0-149-powerpc64-smp 3.13.0-149.199 linux-image-generic 3.13.0.149.159 linux-image-generic-lpae 3.13.0.149.159 linux-image-lowlatency 3.13.0.149.159 linux-image-powerpc-e500 3.13.0.149.159 linux-image-powerpc-e500mc 3.13.0.149.159 linux-image-powerpc-smp 3.13.0.149.159 linux-image-powerpc64-emb 3.13.0.149.159 linux-image-powerpc64-smp 3.13.0.149.159
Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4) may require corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the SSBD feature is required to enable the kernel mitigations. BIOS vendors will be making updates available for Intel processors that implement SSBD and Ubuntu is working with Intel to provide future microcode updates. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu provided corresponding QEMU updates for users of self-hosted virtual environments in USN 3651-1. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines.
References: https://usn.ubuntu.com/usn/usn-3655-1 CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449, CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208, CVE-2017-18221, CVE-2018-3639, CVE-2018-8822, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4
Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-149.199
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xeon e5 2650l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v4"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "xeon e5 2430l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736g"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v3"
},
{
"model": "xeon e3 1225 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1809"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3850"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "xeon e5 2637",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4807"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "15"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3480"
},
{
"model": "simatic ipc827d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3580"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3480"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5504"
},
{
"model": "xeon e3 1278l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830"
},
{
"model": "simatic ipc427e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v2"
},
{
"model": "jetson tx2",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r28.3"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160"
},
{
"model": "xeon e3 1265l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4109t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v2"
},
{
"model": "xeon e5 2603 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "57"
},
{
"model": "xeon e5 2620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5507"
},
{
"model": "xeon e3 1281 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660"
},
{
"model": "xeon e5 2450l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735d"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867l"
},
{
"model": "xeon e5 2630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8180"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2650l_v4"
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e5 2648l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v3"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3455"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5580"
},
{
"model": "mivoice border gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134m"
},
{
"model": "surface",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "mivoic mx-one",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e5 2438l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2480"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86144"
},
{
"model": "xeon e5 2470 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc547e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.30.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "xeon e5 2407 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "xeon e5 2609 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v3"
},
{
"model": "simatic ipc647c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.01.14"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3808"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5508_"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86132"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640"
},
{
"model": "xeon e3 1245",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2418l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3600"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120t"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n5000"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3785"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5550"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3827"
},
{
"model": "simatic ipc827c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "xeon e5 1428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v3"
},
{
"model": "xeon e5 2430",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4890_v2"
},
{
"model": "xeon e5 2428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667"
},
{
"model": "xeon e5 2618l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603_v2"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4105"
},
{
"model": "simatic ipc427d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4880_v2"
},
{
"model": "itc1500 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176f"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4648_v3"
},
{
"model": "xeon e5 1660 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ruggedcom ape",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8857_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8837"
},
{
"model": "xeon e5 2620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4628l_v4"
},
{
"model": "xeon e5 2618l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85115"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2665"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v2"
},
{
"model": "xeon e5 2630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v4"
},
{
"model": "xeon e3 1265l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3538"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v2"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j5005"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3570"
},
{
"model": "xeon e5 1680 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "sonicosv",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5520"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160f"
},
{
"model": "email security",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4624l_v2"
},
{
"model": "xeon e5 1650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1268l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v4"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2520"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85119t"
},
{
"model": "xeon e5 2608l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "itc2200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2803"
},
{
"model": "xeon e5 2643 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607_v2"
},
{
"model": "xeon e5 1620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3308"
},
{
"model": "secure mobile access",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e5 2637 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3955"
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3530"
},
{
"model": "xeon e5 2630l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2460"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86146"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5506"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8158"
},
{
"model": "simatic ipc677d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "cloud global management system",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "xeon e5 2408l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3758"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e5 1650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "surface pro with lte advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1807"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "simatic ipc477e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "xeon e3 1275 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v2"
},
{
"model": "xeon e3 1240 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v4"
},
{
"model": "simatic ipc847c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.01.14"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5560"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3845"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2308"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650"
},
{
"model": "xeon e5 2637 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820"
},
{
"model": "mivoice business",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870_v2"
},
{
"model": "xeon e5 2630l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8168"
},
{
"model": "xeon e3 1241 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160m"
},
{
"model": "xeon e3 1230l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v3"
},
{
"model": "xeon e3 1225",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v3"
},
{
"model": "xeon e3 1271 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "itc2200 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5506"
},
{
"model": "xeon e5 1650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2760"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3406"
},
{
"model": "xeon e3 1245 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "jetson tx1",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r28.3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3403"
},
{
"model": "xeon e5 2623 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v2"
},
{
"model": "xeon e3 1240 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658"
},
{
"model": "xeon e3 1285 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3440"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3460"
},
{
"model": "xeon e5 2628l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v3"
},
{
"model": "xeon e5 2630 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86128"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148f"
},
{
"model": "local service management system",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4000"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3590"
},
{
"model": "xeon e5 1428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "micloud management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "*"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1796"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v3"
},
{
"model": "xeon e5 2448l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745d"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "struxureware data center expert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.6.0"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860"
},
{
"model": "xeon e5 2637 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v3"
},
{
"model": "xeon e3 1285l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3958"
},
{
"model": "simatic ipc547g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.23.0"
},
{
"model": "xeon e5 2418l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3805"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3825"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770d"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3508"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8153"
},
{
"model": "xeon e5 2603 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170"
},
{
"model": "xeon e3 1286l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1660 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4100"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5115"
},
{
"model": "xeon e3 12201 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5503"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v2"
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4005"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3826"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v4"
},
{
"model": "xeon e3 1225 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1703"
},
{
"model": "xeon e3 1240l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3460"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v2"
},
{
"model": "atom x7-e3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v3"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "12"
},
{
"model": "xeon e5 2448l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2407",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3430"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v3"
},
{
"model": "xeon e3 1270 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v3"
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2618l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v2"
},
{
"model": "xeon e3 1220 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3470"
},
{
"model": "xeon e5 2603 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc477e pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160t"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112"
},
{
"model": "xeon e3 1276 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4108"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e5 2650l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699r_v4"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3815"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5518_"
},
{
"model": "xeon e5 1620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5590"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610"
},
{
"model": "xeon e3 1220l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v3"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "xeon e3 1226 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3338"
},
{
"model": "xeon e5 1428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740d"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "125c_"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86154"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8164"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658a_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690"
},
{
"model": "xeon e5 2648l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2603",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v3"
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e5 2628l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116"
},
{
"model": "xeon e3 1285 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "xeon e3 12201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v4"
},
{
"model": "xeon e5 2418l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic field pg m5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "22.01.06"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v3"
},
{
"model": "simatic ipc677c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3750"
},
{
"model": "xeon e5 1630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5 2450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86136"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699a_v4"
},
{
"model": "xeon e5 2403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "13"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6550"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "xeon e3 1270 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735g"
},
{
"model": "xeon e5 2403 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2440",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v2"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4205"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2580"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735e"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8830"
},
{
"model": "surface book",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1220_"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3558"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v4"
},
{
"model": "surface studio",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3950"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697a_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870"
},
{
"model": "simatic ipc847d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "xeon e3 1245 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500"
},
{
"model": "xeon e5 1630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v4"
},
{
"model": "itc1900 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5 2470",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "10"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v4"
},
{
"model": "xeon e5 2648l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik pcu 50.5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5530"
},
{
"model": "xeon e3 1220 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e-1105c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik 840 d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e3 1258l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740"
},
{
"model": "simatic itp1000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "23.01.04"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3858"
},
{
"model": "xeon e3 1235",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650l"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simotion p320-4e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "xeon e5 2640 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v4"
},
{
"model": "xeon e5 2609 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3450"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860"
},
{
"model": "simatic ipc477c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3426"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86152"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "xeon e5 1620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1275_"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5540"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2890_v2"
},
{
"model": "xeon e5 1660 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v4"
},
{
"model": "open integration gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc477d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "simatic et 200 sp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v3"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "xeon e5 2420 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176m"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140m"
},
{
"model": "xeon e3 1265l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775d"
},
{
"model": "xeon e3 1246 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "local service management system",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "xeon e3 1275l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148"
},
{
"model": "xeon e5 2623 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4657l_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2420"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850"
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v4"
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138t"
},
{
"model": "simatic ipc427c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "simatic ipc347e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6510"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3830"
},
{
"model": "xeon e5 1660",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik tcu 30.3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "mivoice connect",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e5 2630",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc627d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "xeon e3 1230 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v4"
},
{
"model": "xeon e5 2440 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "mivoice 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "itc1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5 2648l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85122"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3708"
},
{
"model": "xeon e3 1290 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1680 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1125c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8156"
},
{
"model": "xeon e3 1231 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2830"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2628l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "72"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8894_v4"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870"
},
{
"model": "simatic ipc3000 smart",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680"
},
{
"model": "xeon e5 2640",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5502"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4617"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6540"
},
{
"model": "simatic ipc647d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "xeon e3 1280 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1270",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4200"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5530"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v3"
},
{
"model": "xeon e3 1105c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114t"
},
{
"model": "simatic field pg m4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "18.01.09"
},
{
"model": "itc1900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic ipc627c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e3 1286 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1290",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3450"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5570"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86150"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5520"
},
{
"model": "mrg realtime",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2880_v2"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3795"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v4"
},
{
"model": "xeon e3 1240",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "surface book",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130f"
},
{
"model": "xeon e5 2608l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85118"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "cortex a57",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "5th generation core processors",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "cortex a72",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "3rd generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "2nd generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor a series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor c series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor e series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor t series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x0"
},
{
"model": "atom processor z series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x990"
},
{
"model": "celeron processor j series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "celeron processor n series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core m processor family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x2990"
},
{
"model": "pentium processor n series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "pentium processor silver series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "34000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "36000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "55000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "56000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "75000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "65000"
},
{
"model": "pentium processor j series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v50"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v60"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "147742"
},
{
"db": "PACKETSTORM",
"id": "148506"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
}
],
"trust": 0.8
},
"cve": "CVE-2018-3639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-3639",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-13391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-133670",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-3639",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3639",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-13391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133670",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.20180703.2~deb9u1. \n\nWe recommend that you upgrade your intel-microcode packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: qemu-kvm security update\nAdvisory ID: RHSA-2018:1656-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1656\nIssue date: 2018-05-21\nCVE Names: CVE-2018-3639 \n=====================================================================\n\n1. Summary:\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4\nAdvanced Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\n\n3. Description:\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM. \n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load \u0026 Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor\u0027s data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1566890 - CVE-2018-3639 hw: cpu: speculative store bypass\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nqemu-kvm-0.12.1.2-2.355.el6_4.11.src.rpm\n\nx86_64:\nqemu-guest-agent-0.12.1.2-2.355.el6_4.11.x86_64.rpm\nqemu-img-0.12.1.2-2.355.el6_4.11.x86_64.rpm\nqemu-kvm-0.12.1.2-2.355.el6_4.11.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm\nqemu-kvm-tools-0.12.1.2-2.355.el6_4.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nx86_64:\nqemu-guest-agent-win32-0.12.1.2-2.355.el6_4.11.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBWwQw/NzjgjWX9erEAQibHhAAnQB3w7HZPsbJL4CZmQ6RiV2jFetYREs4\n3uKesj4cIVIg5J1LtGU7sr8HW6dObPGoaqUcTtufUJRGYeQ0K70HJBdnQp7uzG7E\n8xR4IjPcYYlPXQKTkFSVRhSi70UMljLMrNKkSK0bx5SSTr6n9EDbgJ2NqqIUa/Se\nltBHixPaMZsGF039djGCmTaeqzApL54KxbRS7ypC5FI2nM6CmGNpSTzL7g30lgVu\nryb4IrmG6OeujXA6WYMRjR7/ELfZ/APQFBnZwY4SnBlO544mu6WT7dh2fqnOqZy4\n7vfXvhw/S7BqhBW+YTh9dp+KKXaeU/GhIrdTtJ7G5eF2QC0wZp1NxHhq7CMN/ROE\nsj12U4EEZwn0/J+/DZu8eoXsDu8vA1u4JYr0fhDKlnGL1grkfHyzS83isTrelPkr\nRug5Efss9YNrUlPJIjcvPRmGOBEwHev73PYGRbEq/T0BeLKK9w3aXJX35hfoSaCU\nyNCkR06oH4q8mvK1kIvwOdkZOiPhezYDz91PsCZ9W7TO0meOyb1OVSL3z5KfsnhT\n95g3HETNqfAkzO4kh/CG63mlkdWpwU1r4+SnzV88iZcqZIR8d47Iy/2SwZhISIzu\n0b3T1Jh1Tp3TlhX86gJa0GpzlpAz3Hs0vuULuSnQz02K7B6V56R/rRe+1IsqZR3H\nQDFk7cwzswg=\n=J81W\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-9 Additional information for\nAPPLE-SA-2018-9-24-1 macOS Mojave 10.14\n\nmacOS Mojave 10.14 addresses the following:\n\nBluetooth\nAvailable for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)\n, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac\n(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),\nMac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)\n, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro\n(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air\n(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air\n(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air\n(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air\n(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro\n(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),\nMacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,\n13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nThe updates below are available for these Mac models:\nMacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),\nMacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),\niMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013, Mid 2010, and Mid 2012 models with recommended\nMetal-capable graphics processor, including MSI Gaming Radeon RX 560\nand Sapphire Radeon PULSE RX 580)\n\nafpserver\nImpact: A remote attacker may be able to attack AFP servers through\nHTTP clients\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC\nBerkeley\nEntry added October 30, 2018\n\nApp Store\nImpact: A malicious application may be able to determine the Apple ID\nof the owner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. This issue was addressed with improved access controls. \nCVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. \n\nAppleGraphicsControl\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4417: Lee of the Information Security Lab Yonsei University\nworking with Trend Micro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nApplication Firewall\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2018-4353: Abhinav Bansal of LinkedIn Inc. \n\nAPR\nImpact: Multiple buffer overflow issues existed in Perl\nDescription: Multiple issues in Perl were addressed with improved\nmemory handling. \nCVE-2017-12613: Craig Young of Tripwire VERT\nCVE-2017-12618: Craig Young of Tripwire VERT\nEntry added October 30, 2018\n\nATS\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend\nMicro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nATS\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4308: Mohamed Ghannam (@_simo36)\nEntry added October 30, 2018\n\nAuto Unlock\nImpact: A malicious application may be able to access local users\nAppleIDs\nDescription: A validation issue existed in the entitlement\nverification. This issue was addressed with improved validation of\nthe process entitlement. \nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nCFNetwork\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nCrash Reporter\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4333: Brandon Azad\n\nCUPS\nImpact: In certain configurations, a remote attacker may be able to\nreplace the message content from the print server with arbitrary\ncontent\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2018-4153: Michael Hanselmann of hansmi.ch\nEntry added October 30, 2018\n\nCUPS\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4406: Michael Hanselmann of hansmi.ch\nEntry added October 30, 2018\n\nDictionary\nImpact: Parsing a maliciously crafted dictionary file may lead to\ndisclosure of user information\nDescription: A validation issue existed which allowed local file\naccess. This was addressed with input sanitization. \nCVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing\nEntry added October 30, 2018\n\nGrand Central Dispatch\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\nEntry added October 30, 2018\n\nHeimdal\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas\nF. Wenisch of University of Michigan, Mark Silberstein and Marina\nMinkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens\nof KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu\nof Intel Corporation, Yuval Yarom of The University of Adelaide\nEntry added October 30, 2018\n\niBooks\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2018-4355: evi1m0 of bilibili security team\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4396: Yu Wang of Didi Research America\nCVE-2018-4418: Yu Wang of Didi Research America\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2018-4351: Appology Team @ Theori working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4350: Yu Wang of Didi Research America\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4334: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOHIDFamily\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4383: Apple\nEntry added October 30, 2018\n\nIOUserEthernet\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\nEntry added October 30, 2018\n\nKernel\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2018-4399: Fabiano Anemone (@anoane)\nEntry added October 30, 2018\n\nKernel\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \nEntry added October 30, 2018\n\nKernel\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4337: Ian Beer of Google Project Zero\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nLibreSSL\nImpact: Multiple issues in libressl were addressed in this update\nDescription: Multiple issues were addressed by updating to libressl\nversion 2.6.4. \nCVE-2015-3194\nCVE-2015-5333\nCVE-2015-5334\nCVE-2016-702\nEntry added October 30, 2018\n\nLogin Window\nImpact: A local user may be able to cause a denial of service\nDescription: A validation issue was addressed with improved logic. \nCVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of\nMWR InfoSecurity\nEntry added October 30, 2018\n\nmDNSOffloadUserClient\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4326: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\nEntry added October 30, 2018\n\nMediaRemote\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. This ensures that older data read from\nrecently-written-to addresses cannot be read via a speculative\nside-channel. \nCVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken\nJohnson of the Microsoft Security Response Center (MSRC)\nEntry added October 30, 2018\n\nSecurity\nImpact: A local user may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2018-4395: Patrick Wardle of Digita Security\nEntry added October 30, 2018\n\nSecurity\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nSpotlight\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4393: Lufeng Li\nEntry added October 30, 2018\n\nSymptom Framework\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nText\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\nEntry added October 30, 2018\n\nWi-Fi\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend\nMicro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nAdditional recognition\n\nAccessibility Framework\nWe would like to acknowledge Ryan Govostes for their assistance. \n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nCoreDAV\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nCoreGraphics\nWe would like to acknowledge Nitin Arya of Roblox Corporation for\ntheir assistance. \n\nCoreSymbolication\nWe would like to acknowledge Brandon Azad for their assistance. \n\nIOUSBHostFamily\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nMail\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet\nSE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron\nSoftware Systems, and Zbyszek A\u003e\u003eA3Akiewski for their assistance. \n\nQuick Look\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nand Patrick Wardle of Digita Security and lokihardt of Google Project\nZero for their assistance. \n\nSecurity\nWe would like to acknowledge Christoph Sinai, Daniel Dudek\n(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)\nof ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of\nShapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson\nDing, and an anonymous researcher for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nTerminal\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWindowServer\nWe would like to acknowledge Patrick Wardle of Digita Security for\ntheir assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA\niVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A\nzqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr\nd9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt\nVoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl\nWzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL\nTecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/\nrpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z\nw9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl\ne2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST\n1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu\n1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k=\n=i9YR\n-----END PGP SIGNATURE-----\n. Description:\n\nThe VDSM service is required by a Virtualization Manager to manage the\nLinux hosts. VDSM manages and monitors the host\u0027s storage, memory and\nnetworks as well as virtual machine creation, other host administration\ntasks, statistics gathering, and log collection. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. 5 ELS) - i386, noarch, s390x, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. Description:\n\nThe libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems. \n\nSoftware Description:\n- intel-microcode: Processor microcode for Intel CPUs\n\nDetails:\n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. This vulnerability is also known as L1 Terminal Fault (L1TF). This vulnerability is also known as Rogue\nSystem Register Read (RSRE). ==========================================================================\nUbuntu Security Notice USN-3655-1\nMay 22, 2018\n\nlinux vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. (CVE-2018-3639)\n\nJan H. Schonherr discovered that the Xen subsystem did not properly handle\nblock IO merges correctly in some situations. An attacker in a guest vm\ncould use this to cause a denial of service (host crash) or possibly gain\nadministrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in the\nLinux kernel did not properly validate HID connection setup information. An\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the\nkeyring subsystem of the Linux kernel. (CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not\nproperly restrict observations of netlink messages to the appropriate net\nnamespace. (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial device\ndriver implementation in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper\ncomponent of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2)\nimplementation in the Linux kernel in certain circumstances. A local\nattacker could use this to cause a denial of service (system hang). \n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory locking\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service. (CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS\nimplementation in the Linux kernel. A remote attacker controlling a\nmalicious NCPFS server could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-8822)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-3.13.0-149-generic 3.13.0-149.199\n linux-image-3.13.0-149-generic-lpae 3.13.0-149.199\n linux-image-3.13.0-149-lowlatency 3.13.0-149.199\n linux-image-3.13.0-149-powerpc-e500 3.13.0-149.199\n linux-image-3.13.0-149-powerpc-e500mc 3.13.0-149.199\n linux-image-3.13.0-149-powerpc-smp 3.13.0-149.199\n linux-image-3.13.0-149-powerpc64-emb 3.13.0-149.199\n linux-image-3.13.0-149-powerpc64-smp 3.13.0-149.199\n linux-image-generic 3.13.0.149.159\n linux-image-generic-lpae 3.13.0.149.159\n linux-image-lowlatency 3.13.0.149.159\n linux-image-powerpc-e500 3.13.0.149.159\n linux-image-powerpc-e500mc 3.13.0.149.159\n linux-image-powerpc-smp 3.13.0.149.159\n linux-image-powerpc64-emb 3.13.0.149.159\n linux-image-powerpc64-smp 3.13.0.149.159\n\nPlease note that fully mitigating CVE-2018-3639 (Spectre Variant 4)\nmay require corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. On i386 and amd64\narchitectures, the SSBD feature is required to enable the kernel\nmitigations. BIOS vendors will be making updates available for Intel\nprocessors that implement SSBD and Ubuntu is working with Intel to\nprovide future microcode updates. Ubuntu users with a processor from\na different vendor should contact the vendor to identify necessary\nfirmware updates. Ubuntu provided corresponding QEMU updates for users\nof self-hosted virtual environments in USN 3651-1. Ubuntu users in\ncloud environments should contact the cloud provider to confirm that\nthe hypervisor has been updated to expose the new CPU features to\nvirtual machines. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3655-1\n CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449,\n CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208,\n CVE-2017-18221, CVE-2018-3639, CVE-2018-8822,\n https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/3.13.0-149.199\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3639"
},
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "PACKETSTORM",
"id": "147721"
},
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "150116"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "147742"
},
{
"db": "PACKETSTORM",
"id": "148506"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "PACKETSTORM",
"id": "147784"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-133670",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133670"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3639",
"trust": 3.0
},
{
"db": "USCERT",
"id": "TA18-141A",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#180049",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040949",
"trust": 1.7
},
{
"db": "BID",
"id": "104232",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/5",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/2",
"trust": 1.1
},
{
"db": "LENOVO",
"id": "LEN-22133",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "44695",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-505225",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-268644",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1042004",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#584653",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13391",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147762",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147873",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150073",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148699",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147742",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "149127",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147752",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147721",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148975",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148507",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148581",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147839",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147748",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147756",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147931",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148323",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147751",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147755",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150077",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147779",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147734",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147767",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147719",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147737",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148614",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148751",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147780",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148842",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147758",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150078",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147938",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147736",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152767",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147904",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147930",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147739",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147851",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147934",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-133670",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147784",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148506",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "PACKETSTORM",
"id": "147721"
},
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "147784"
},
{
"db": "PACKETSTORM",
"id": "150116"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "147742"
},
{
"db": "PACKETSTORM",
"id": "148506"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"id": "VAR-201805-0963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
}
],
"trust": 1.3987851138095238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
}
]
},
"last_update_date": "2025-12-22T21:34:12.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patches for multiple CPUHardware information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"trust": 1.9,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"trust": 1.9,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"trust": 1.9,
"url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
},
{
"trust": 1.6,
"url": "https://support.apple.com//ht208394"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/speculative-store-bypass"
},
{
"trust": 1.5,
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1656"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1675"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1688"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1711"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2171"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2172"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2258"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:3396"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/104232"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/jun/36"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"trust": 1.1,
"url": "http://support.lenovo.com/us/en/solutions/len-22133"
},
{
"trust": 1.1,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"trust": 1.1,
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0"
},
{
"trust": 1.1,
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"trust": 1.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180012"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0004"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx235225"
},
{
"trust": 1.1,
"url": "https://support.oracle.com/knowledge/sun%20microsystems/2481872_1.html"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_18_23"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1629"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1630"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1632"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1633"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1635"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1636"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1637"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1638"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1639"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1640"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1641"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1642"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1643"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1644"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1645"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1646"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1647"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1648"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1649"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1650"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1651"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1652"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1653"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1654"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1655"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1657"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1658"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1659"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1660"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1661"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1662"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1663"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1664"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1665"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1666"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1667"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1668"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1669"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1674"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1676"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1686"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1689"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1690"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1696"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1710"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1737"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1738"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1826"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1854"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1965"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1967"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1997"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2001"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2003"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2006"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2060"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2161"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2162"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2164"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2216"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2228"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2246"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2250"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2289"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2309"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2328"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2363"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2364"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2387"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2394"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2396"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2948"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3397"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3398"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3399"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3400"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3401"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3402"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3407"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3423"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3424"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3425"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:0148"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1046"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040949"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1042004"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"trust": 1.0,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
},
{
"trust": 1.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
},
{
"trust": 0.8,
"url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/584653"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
},
{
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 0.8,
"url": "https://support.hp.com/us-en/document/c06001626"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
},
{
"trust": 0.8,
"url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7022937"
},
{
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
},
{
"trust": 0.8,
"url": "https://kb.vmware.com/s/article/54951"
},
{
"trust": 0.8,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2018-3639"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://securitytracker.com/id/1040949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3640"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1009.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1008.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-22.24"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1006.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1012.12"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3652-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1010.10"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/intel-microcode"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18079"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3655-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.13.0-149.199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12618"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4153"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12613"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14106"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3756-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.14.04.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "PACKETSTORM",
"id": "147721"
},
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "147784"
},
{
"db": "PACKETSTORM",
"id": "150116"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "147742"
},
{
"db": "PACKETSTORM",
"id": "148506"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "PACKETSTORM",
"id": "147721"
},
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "147784"
},
{
"db": "PACKETSTORM",
"id": "150116"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "147742"
},
{
"db": "PACKETSTORM",
"id": "148506"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-133670"
},
{
"date": "2018-05-21T15:16:00",
"db": "PACKETSTORM",
"id": "147721"
},
{
"date": "2018-05-24T18:33:59",
"db": "PACKETSTORM",
"id": "147873"
},
{
"date": "2018-08-17T17:42:14",
"db": "PACKETSTORM",
"id": "148975"
},
{
"date": "2018-05-23T07:03:03",
"db": "PACKETSTORM",
"id": "147762"
},
{
"date": "2018-07-11T22:06:54",
"db": "PACKETSTORM",
"id": "148507"
},
{
"date": "2018-05-23T07:12:14",
"db": "PACKETSTORM",
"id": "147784"
},
{
"date": "2018-10-31T16:10:50",
"db": "PACKETSTORM",
"id": "150116"
},
{
"date": "2018-05-23T07:00:14",
"db": "PACKETSTORM",
"id": "147752"
},
{
"date": "2018-05-23T06:56:36",
"db": "PACKETSTORM",
"id": "147742"
},
{
"date": "2018-07-11T22:06:47",
"db": "PACKETSTORM",
"id": "148506"
},
{
"date": "2018-10-31T01:13:10",
"db": "PACKETSTORM",
"id": "150073"
},
{
"date": "2018-07-26T00:00:01",
"db": "PACKETSTORM",
"id": "148699"
},
{
"date": "2018-08-28T17:19:20",
"db": "PACKETSTORM",
"id": "149127"
},
{
"date": "2018-05-22T12:29:00.250000",
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-19T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"date": "2020-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-133670"
},
{
"date": "2024-11-21T04:05:48.867000",
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "147721"
},
{
"db": "PACKETSTORM",
"id": "147784"
},
{
"db": "PACKETSTORM",
"id": "149127"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bypass",
"sources": [
{
"db": "PACKETSTORM",
"id": "147873"
},
{
"db": "PACKETSTORM",
"id": "147762"
},
{
"db": "PACKETSTORM",
"id": "148507"
},
{
"db": "PACKETSTORM",
"id": "147752"
},
{
"db": "PACKETSTORM",
"id": "150073"
},
{
"db": "PACKETSTORM",
"id": "148699"
}
],
"trust": 0.6
}
}
VAR-202006-0391
Vulnerability from variot - Updated: 2025-12-22 20:26The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. UPnP is a Universal Plug and Play protocol of the Open Connectivity Foundation. A security vulnerability exists in UPnP versions prior to 2020-04-17. Attackers can use the SUBSCRIBE function to exploit this vulnerability to send traffic to any location, resulting in denial of service or data leakage.
For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU Ia860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b q7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB 9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529 5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS BaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB wOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN 7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a aP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV BNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi e5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0= =CU/j -----END PGP SIGNATURE----- . In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: gssdp and gupnp security update Advisory ID: RHSA-2021:1789-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1789 Issue date: 2021-05-18 CVE Names: CVE-2020-12695 ==================================================================== 1. Summary:
An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.
The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)
Security Fix(es):
- hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: gssdp-1.0.5-1.el8.src.rpm gupnp-1.0.6-1.el8.src.rpm
aarch64: gssdp-1.0.5-1.el8.aarch64.rpm gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-1.0.6-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm
ppc64le: gssdp-1.0.5-1.el8.ppc64le.rpm gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-1.0.6-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-1.0.5-1.el8.s390x.rpm gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-1.0.6-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-1.0.5-1.el8.i686.rpm gssdp-1.0.5-1.el8.x86_64.rpm gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-1.0.6-1.el8.i686.rpm gupnp-1.0.6-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-devel-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm gupnp-devel-1.0.6-1.el8.aarch64.rpm
noarch: gssdp-docs-1.0.5-1.el8.noarch.rpm
ppc64le: gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-devel-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm gupnp-devel-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-devel-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm gupnp-devel-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-devel-1.0.5-1.el8.i686.rpm gssdp-devel-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm gupnp-devel-1.0.6-1.el8.i686.rpm gupnp-devel-1.0.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-12695 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6 uJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl Lw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P ++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7 izSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k MK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH fYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh YtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu m+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN HJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET V/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a 7bb2GlcOcWo=2GSN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. ========================================================================= Ubuntu Security Notice USN-4734-2 February 16, 2021
wpa vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in wpa_supplicant and hostapd.
Software Description: - wpa: client support for WPA and WPA2
Details:
USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM.
It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326)
It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: hostapd 1:2.1-0ubuntu1.7+esm3 wpasupplicant 2.1-0ubuntu1.7+esm3
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envy 4524 k9t01a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "5030 m2u92b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5542 k7c88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "adsl",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "envy 6020 5se16b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 114 cq812a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4654 f1j07b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5531",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4505 a9t86a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 111 cq810a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 a9t80b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4502 a9t85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5547 j6u64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5664 f8b08a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 5575 g0v48b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4503 e6g71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7r96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4502 a9t87b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5530",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5546 k7c90a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5642 b9s64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-8600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 4675 f1h97b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5536",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7645 e4w44a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6234 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4513 k9h51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4538 f0v66b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6020 5se17a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 114 cq811b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5545 g0v50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "b1165nfw",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "deskjet ink advantage 4515",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wap131",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "envy 4520 f0v63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ep-101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "xp-702",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "xp-330",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "xp-970",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "officejet 4652 k9v84b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7155 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4522 f0v67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 e6g67b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 a9t80a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4526 k9t05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-320",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "officejet 4650 f1h96b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ew-m970a3t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 100 cn517a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3548 a9t81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4658 v6d30b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7s10d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4511 k9h50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4508 e6g72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-4105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy photo 6252 k7g22a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "m571t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 5575 g0v48c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4654 f1j06b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 z4a54a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6455 5se45a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wap351",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "envy 5541 k7g89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4509 d3p94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7164 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-2101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 4504 c8d04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5535",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4512 k9h49a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hostapd",
"scope": "lt",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.0.0"
},
{
"model": "wap150",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "officejet 4655 k9v82b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5640 b9s58a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6020 6wd35a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4528 k9t08b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "zxv10 w300",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "envy photo 6222 y0k14d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4675 f1h97c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 3xd89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "deskjet ink advantage 4675 f1h97a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7s00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-630",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "xp-620",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy pro 6420 6wd16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4650 e6g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "unifi controller",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": null
},
{
"model": "deskjet ink advantage 4676 f1h98a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 a9t89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 g0v47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3456 a9t84c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5660 f8b04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5643 b9s63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "selphy cp1200",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "envy photo 7120 z3m41d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4516 k9h52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4655 f1j00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6540 b9s59a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5532",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7644 e4w46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq812c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t81a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-4100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 100 cn517c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5020 z4a69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 y0g52b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7822 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "dvg-n5412sp",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "envy 5540 g0v51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4523 j6u60b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4507 e6g70b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn519b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5544 k7c89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4521 k9t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6420 5se46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6420 6wd14a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4652 f1j02a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 k7g93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4518",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4650 f1h96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5646 f8b05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5665 f8b06a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7640",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5543 n9u88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5544 k7c93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hg255s",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "envy pro 6420 5se45b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "xp-2105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 110 cq809d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5539",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5644 b9s65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn519a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4501 c8d05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4509 d3p94a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4655 k9v79a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 5540 g0v53a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "envy 5640 b9s56a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4656 k9v81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "envy photo 6200 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6220 k7g20d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-340",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "hg532e",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "envy 4520 f0v63b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "5030 z4a70a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4524 f0v71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6020 7cz37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4536 f0v65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6230 k7g25b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7822 y0g43d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn517b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 d3p93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-960",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 4520 f0v69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4525 k9t09b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "zonedirector 1200",
"scope": "eq",
"trust": 1.0,
"vendor": "ruckussecurity",
"version": null
},
{
"model": "envy photo 6232 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5034 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "envy 4520 e6g67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6452 5se47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wr8165n",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t83b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4678 f1h99b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3546 a9t82a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4527 j6u61b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5548 k7g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6220 k7g21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-8500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "xp-440",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "envy 5000 m2u94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4504 a9t88b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 k7g18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 z3m37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5020 m2u91b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4524 f0v72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4657 v6d29b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-241",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t81c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xbox one",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19041.2494"
},
{
"model": "envy 5534",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u85b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn518a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "rt-n11",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "amg1202-t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "officejet 4652 f1j05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wnhde111",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "envy 114 cq811a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7830 y0g50b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 g0v52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6055 5se16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 f2e72a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6222 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 y0k15a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "archer c50",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": null
},
{
"model": "envy 5540 k7c85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6052 5se18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "rt-n11",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "adsl",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "dvg-n5412sp",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "unifi controller",
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "hostapd",
"scope": null,
"trust": 0.8,
"vendor": "w1 fi",
"version": null
},
{
"model": "selphy cp1200",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "wap131",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wap150",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wap351",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "b1165nfw",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-n11",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:broadcom:adsl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dvg-n5412sp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ubiquiti_networks:unifi_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:w1.fi:hostapd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:selphy_cp1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap131",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap150",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap351",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:b1165nfw",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12695",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-165399",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2020-12695",
"impactScore": 4.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006708",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-165399",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. UPnP is a Universal Plug and Play protocol of the Open Connectivity Foundation. A security vulnerability exists in UPnP versions prior to 2020-04-17. Attackers can use the SUBSCRIBE function to exploit this vulnerability to send traffic to any location, resulting in denial of service or data leakage. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU\nIa860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b\nq7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB\n9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529\n5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS\nBaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB\nwOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN\n7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a\naP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV\nBNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi\ne5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0=\n=CU/j\n-----END PGP SIGNATURE-----\n. In addition minidlna was susceptible to the\n\"CallStranger\" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: gssdp and gupnp security update\nAdvisory ID: RHSA-2021:1789-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1789\nIssue date: 2021-05-18\nCVE Names: CVE-2020-12695\n====================================================================\n1. Summary:\n\nAn update for gssdp and gupnp is now available for Red Hat Enterprise Linux\n8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGUPnP is an object-oriented open source framework for creating UPnP devices\nand control points, written in C using GObject and libsoup. The GUPnP API\nis intended to be easy to use, efficient and flexible. \n\nGSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. \n\nThe following packages have been upgraded to a later upstream version:\ngssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ngssdp-1.0.5-1.el8.src.rpm\ngupnp-1.0.6-1.el8.src.rpm\n\naarch64:\ngssdp-1.0.5-1.el8.aarch64.rpm\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-1.0.6-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\n\nppc64le:\ngssdp-1.0.5-1.el8.ppc64le.rpm\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-1.0.6-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-1.0.5-1.el8.s390x.rpm\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-1.0.6-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-1.0.5-1.el8.i686.rpm\ngssdp-1.0.5-1.el8.x86_64.rpm\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-1.0.6-1.el8.i686.rpm\ngupnp-1.0.6-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-devel-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\ngupnp-devel-1.0.6-1.el8.aarch64.rpm\n\nnoarch:\ngssdp-docs-1.0.5-1.el8.noarch.rpm\n\nppc64le:\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-devel-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\ngupnp-devel-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-devel-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\ngupnp-devel-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-devel-1.0.5-1.el8.i686.rpm\ngssdp-devel-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\ngupnp-devel-1.0.6-1.el8.i686.rpm\ngupnp-devel-1.0.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-12695\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6\nuJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl\nLw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P\n++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7\nizSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k\nMK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH\nfYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh\nYtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu\nm+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN\nHJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET\nV/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a\n7bb2GlcOcWo=2GSN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. =========================================================================\nUbuntu Security Notice USN-4734-2\nFebruary 16, 2021\n\nwpa vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant and hostapd. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nUSN-4734-1 fixed several vulnerabilities in wpa_supplicant. This\nupdate provides the corresponding update for Ubuntu 14.04 ESM. \n\nIt was discovered that wpa_supplicant did not properly handle P2P\n(Wi-Fi Direct) group information in some situations, leading to a\nheap overflow. A physically proximate attacker could use this to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe\nmessages in some circumstances. An attacker could use this to cause a\ndenial of service. (CVE-2020-12695)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n hostapd 1:2.1-0ubuntu1.7+esm3\n wpasupplicant 2.1-0ubuntu1.7+esm3\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12695",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#339275",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "158051",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/08/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161288",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162672",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159172",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021122905",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052202",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0417",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4372",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2733",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3160",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161444",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161397",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-37941",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169049",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168951",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"id": "VAR-202006-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
}
],
"trust": 0.6724206283333334
},
"last_update_date": "2025-12-22T20:26:51.848000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N11",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTN11/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "Canon SELPHY CP1200",
"trust": 0.8,
"url": "https://en.canon-me.com/support/consumer_products/products/printers/compact_photo/cd__cp_series/selphy_cp1200.html?type=drivers\u0026language=\u0026os=windows%208.1%20(64-bit)"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://us.dlink.com/en/consumer"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dell.com/en-us"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://community.ui.com/"
},
{
"title": "hostapd",
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/JVNDB-2019-013311.html"
},
{
"title": "Debian CVElist Bug Report Logs: wpa: CVE-2020-12695",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cdef40da4b3b6b2f4fcf08e447d20494"
},
{
"title": "Debian Security Advisories: DSA-4806-1 minidlna -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5e0b1e00748aee507290bde9650370c7"
},
{
"title": "Arch Linux Advisories: [ASA-202012-16] hostapd: proxy injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-16"
},
{
"title": "Debian Security Advisories: DSA-4898-1 wpa -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2832d7aeef980951ddf42089219be7b3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-12695 log"
},
{
"title": "awesome-from-stars",
"trust": 0.1,
"url": "https://github.com/krzemienski/awesome-from-stars "
},
{
"title": "callstranger-detector",
"trust": 0.1,
"url": "https://github.com/corelight/callstranger-detector "
},
{
"title": "CallStranger",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Xcod3bughunt3r/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/DIALStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aoeII/asuswrt-for-Tenda-AC9-Router "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158051/callstranger-upnp-vulnerability-checker.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"trust": 1.7,
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"trust": 1.7,
"url": "https://github.com/corelight/callstranger-detector"
},
{
"trust": 1.7,
"url": "https://github.com/yunuscadirci/callstranger"
},
{
"trust": 1.7,
"url": "https://www.callstranger.com"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12695"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12695"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta95827565/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052202"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4372/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162672/red-hat-security-advisory-2021-1789-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3160/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1382"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159172/ubuntu-security-notice-usn-4494-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0575"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2705/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-upnp-cn"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161288/ubuntu-security-notice-usn-4722-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/upnp-information-disclosure-via-subscribe-delivery-url-32701"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0326"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28926"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4734-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27803"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpa"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/minidlna"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12695"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4494-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.1.5+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4722-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4734-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-165399"
},
{
"date": "2020-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"date": "2021-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169049"
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168951"
},
{
"date": "2021-05-19T14:10:26",
"db": "PACKETSTORM",
"id": "162672"
},
{
"date": "2020-09-15T17:05:32",
"db": "PACKETSTORM",
"id": "159172"
},
{
"date": "2021-02-04T21:34:49",
"db": "PACKETSTORM",
"id": "161288"
},
{
"date": "2021-02-16T23:41:17",
"db": "PACKETSTORM",
"id": "161444"
},
{
"date": "2021-02-12T17:29:06",
"db": "PACKETSTORM",
"id": "161397"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"date": "2020-06-08T17:15:09.973000",
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-165399"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"date": "2024-11-21T05:00:05.367000",
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open Connectivity Foundation UPnP specification Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.6
}
}
VAR-201809-1153
Vulnerability from variot - Updated: 2025-12-22 19:56The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ========================================================================= Ubuntu Security Notice USN-3742-1 August 14, 2018
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.13.0-155-generic 3.13.0-155.205 linux-image-3.13.0-155-generic-lpae 3.13.0-155.205 linux-image-3.13.0-155-lowlatency 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205 linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205 linux-image-generic 3.13.0.155.165 linux-image-generic-lpae 3.13.0.155.165 linux-image-lowlatency 3.13.0.155.165 linux-image-powerpc-e500 3.13.0.155.165 linux-image-powerpc-e500mc 3.13.0.155.165 linux-image-powerpc-smp 3.13.0.155.165 linux-image-powerpc64-emb 3.13.0.155.165 linux-image-powerpc64-smp 3.13.0.155.165
Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
This is mitigated by reducing the default limits on memory usage
for incomplete fragmented packets. The same mitigation can be
achieved without the need to reboot, by setting the sysctls:
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
The default values may still be increased by local configuration
if necessary.
For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj HJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU BnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC R8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y aLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43 6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA IeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj VEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5 mLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv vK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0 Rk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw= =WPm5 -----END PGP SIGNATURE----- . 7) - ppc64le
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3635371
-
(BZ#1615873)
-
After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1629634)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:3590-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3590 Issue date: 2018-11-13 CVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 CVE-2018-14634 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)
-
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
-
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
-
kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.
Bug Fix(es):
-
Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565)
-
Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792)
-
Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3553061 https://access.redhat.com/security/vulnerabilities/mutagen-astronomy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X BgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy y1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp 9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9 5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb M29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O nclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV ma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl cBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj V/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe LiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs 6QJ1Zh7jeUY= =8JOQ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - ppc64, ppc64le, x86_64
-
Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. (BZ#1596281)
-
Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. (BZ#1618388)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "simatic rf188",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "simatic net cp 1542sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "sinema remote connect server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.1"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "4.18"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "simatic net cp 1543sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.9"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "simatic net cp 1243-7 lte eu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "scalance w700 ieee 802.11a\\/b\\/g\\/n",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ruggedcom rox ii",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.13.3"
},
{
"model": "simatic net cp 1242-7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows rt 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "scalance sc-600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic net cp 1243-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "simatic net cp 1243-7 lte us",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1703"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "scalance w1700 ieee 802.11ac",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.2"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.20"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.8"
},
{
"model": "extendible operating system 4.20.5f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.73"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.15"
},
{
"model": "extendible operating system 4.20.5.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.7"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.22"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10"
},
{
"model": "kernel 3.9-rc3",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "extendible operating system 4.20.4f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.1"
},
{
"model": "kernel 4.14-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.16"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.10"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.18"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.14"
},
{
"model": "extendible operating system 4.20.4.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.7"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.54"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.43"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.73"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.13"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows server r2 for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.12"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.3"
},
{
"model": "kernel 3.9-rc8",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.1"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.44"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.49"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.17"
},
{
"model": "extendible operating system 4.21.0f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.10"
},
{
"model": "kernel 4.13-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "extendible operating system 4.20.7m",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.19"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.3"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.3"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.45"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.19.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.9"
},
{
"model": "extendible operating system 4.20.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.48"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.81"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.10"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.30"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.12"
},
{
"model": "kernel 4.14.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel 4.16-rc",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.6"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.8"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.4"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.36"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.4"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.41"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.9"
},
{
"model": "extendible operating system 4.20.6f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.11"
},
{
"model": "extendible operating system 4.20.8m",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.8"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.17"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.3"
},
{
"model": "kernel 3.9-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.31"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.14"
},
{
"model": "kernel 4.12-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.3"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.10"
},
{
"model": "enterprise mrg",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.2"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.19"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.9"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.79"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.1"
},
{
"model": "extendible operating system 4.20.2f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.6"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.7"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.5"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.3"
},
{
"model": "extendible operating system",
"scope": "eq",
"trust": 0.3,
"vendor": "arista",
"version": "0"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.12"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.45"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.7"
},
{
"model": "kernel 4.15-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.1"
},
{
"model": "extendible operating system 4.20.3f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.7"
},
{
"model": "extendible operating system 4.20.5.2f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.18"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.7"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.36"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.8"
},
{
"model": "kernel 3.9-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.90"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.2"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.7"
},
{
"model": "extendible operating system 4.20.0f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "extendible operating system 4.20.2.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.6"
},
{
"model": "kernel 4.17-rc2",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.10"
},
{
"model": "kernel 4.16-rc6",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.40"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.26"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.13"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.10"
},
{
"model": "kernel 4.14-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel 4.16-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "149546"
}
],
"trust": 0.7
},
"cve": "CVE-2018-5391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.6,
"exploitability": "UNPROVEN",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "NOT DEFINED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-135422",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5391",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5391",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-5391",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-135422",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5391",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Linux Kernel is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. =========================================================================\nUbuntu Security Notice USN-3742-1\nAugust 14, 2018\n\nlinux vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\nattacker in a guest virtual machine could use this to expose sensitive\ninformation (memory from other guests or the host OS). (CVE-2018-3646)\n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\nattacker could use this to expose sensitive information (memory from the\nkernel or other processes). (CVE-2018-3620)\n\nAndrey Konovalov discovered an out-of-bounds read in the POSIX\ntimers subsystem in the Linux kernel. (CVE-2018-5391)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-3.13.0-155-generic 3.13.0-155.205\n linux-image-3.13.0-155-generic-lpae 3.13.0-155.205\n linux-image-3.13.0-155-lowlatency 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205\n linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205\n linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205\n linux-image-generic 3.13.0.155.165\n linux-image-generic-lpae 3.13.0.155.165\n linux-image-lowlatency 3.13.0.155.165\n linux-image-powerpc-e500 3.13.0.155.165\n linux-image-powerpc-e500mc 3.13.0.155.165\n linux-image-powerpc-smp 3.13.0.155.165\n linux-image-powerpc64-emb 3.13.0.155.165\n linux-image-powerpc64-smp 3.13.0.155.165\n\nPlease note that the recommended mitigation for CVE-2018-3646 involves\nupdating processor microcode in addition to updating the kernel;\nhowever, the kernel includes a fallback for processors that have not\nreceived microcode updates. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\n This is mitigated by reducing the default limits on memory usage\n for incomplete fragmented packets. The same mitigation can be\n achieved without the need to reboot, by setting the sysctls:\n\n net.ipv4.ipfrag_high_thresh = 262144\n net.ipv6.ip6frag_high_thresh = 262144\n net.ipv4.ipfrag_low_thresh = 196608\n net.ipv6.ip6frag_low_thresh = 196608\n\n The default values may still be increased by local configuration\n if necessary. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4.9.110-3+deb9u2. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj\nHJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU\nBnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC\nR8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y\naLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43\n6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA\nIeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj\nVEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5\nmLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv\nvK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0\nRk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw=\n=WPm5\n-----END PGP SIGNATURE-----\n. 7) - ppc64le\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of the bug fixes in this advisory. See the\ndescriptions in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/3635371\n\n4. (BZ#1615873)\n\n* After updating the system to prevent the L1 Terminal Fault (L1TF)\nvulnerability, only one thread was detected on systems that offer\nprocessing of two threads on a single processor core. With this update, the\n\"__max_smt_threads()\" function has been fixed. (BZ#1629634)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2018:3590-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3590\nIssue date: 2018-11-13\nCVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 \n CVE-2018-14634 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.2 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled\nreassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS\nor other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux\u0027s create_elf_tables function\n(CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department\nof Communications and Networking and Nokia Bell Labs) for reporting\nCVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. \n\nBug Fix(es):\n\n* Previously, a kernel panic occurred when the kernel tried to make an out\nof bound access to the array that describes the L1 Terminal Fault (L1TF)\nmitigation state on systems without Extended Page Tables (EPT) support. \nThis update extends the array of mitigation states to cover all the states,\nwhich effectively prevents out of bound array access. Also, this update\nenables rejecting invalid, irrelevant values, that might be erroneously\nprovided by the userspace. As a result, the kernel no longer panics in the\ndescribed scenario. (BZ#1629565)\n\n* Previously, a packet was missing the User Datagram Protocol (UDP) payload\nchecksum during a full checksum computation, if the hardware checksum was\nnot applied. As a consequence, a packet with an incorrect checksum was\ndropped by a peer. With this update, the kernel includes the UDP payload\nchecksum during the full checksum computation. As a result, the checksum is\ncomputed correctly and the packet can be received by the peer. (BZ#1635792)\n\n* Previously, a transform lookup through the xfrm framework could be\nperformed on an already transformed destination cache entry (dst_entry). \nWhen using User Datagram Protocol (UDP) over IPv6 with a connected socket\nin conjunction with Internet Protocol Security (IPsec) in Encapsulating\nSecurity Payload (ESP) transport mode. As a consequence, invalid IPv6\nfragments transmitted from the host or the kernel occasionally terminated\nunexpectedly due to a socket buffer (SKB) underrun. With this update, the\nxfrm lookup on an already transformed dst_entry is not possible. As a\nresult, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6\nfragment transmissions or a kernel panic. (BZ#1639586)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact\n1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)\n1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c\n1624498 - CVE-2018-14634 kernel: Integer overflow in Linux\u0027s create_elf_tables function\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18344\nhttps://access.redhat.com/security/cve/CVE-2018-5391\nhttps://access.redhat.com/security/cve/CVE-2018-10675\nhttps://access.redhat.com/security/cve/CVE-2018-14634\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3553061\nhttps://access.redhat.com/security/vulnerabilities/mutagen-astronomy\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X\nBgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy\ny1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp\n9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9\n5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb\nM29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O\nnclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV\nma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl\ncBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj\nV/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe\nLiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs\n6QJ1Zh7jeUY=\n=8JOQ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.3) - ppc64, ppc64le, x86_64\n\n3. Maintaining the denial of service\ncondition requires continuous two-way TCP sessions to a reachable open\nport, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This\nupdate fixes an irq latency source in memory compaction. \n(BZ#1596281)\n\n* Previously, the kernel source code was missing support to report the\nSpeculative Store Bypass Disable (SSBD) vulnerability status on IBM Power\nSystems and the little-endian variants of IBM Power Systems. As a\nconsequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass\nfile incorrectly reported \"Not affected\" on both CPU architectures. This\nfix updates the kernel source code to properly report the SSBD status\neither as \"Vulnerable\" or \"Mitigation: Kernel entry/exit barrier (TYPE)\"\nwhere TYPE is one of \"eieio\", \"hwsync\", \"fallback\", or \"unknown\". As a\nconsequence, the VMs sometimes became unresponsive when booting. This\nupdate applies an upstream patch to avoid early microcode update when\nrunning under a hypervisor. (BZ#1618388)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5391"
},
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5391",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#641765",
"trust": 2.9
},
{
"db": "BID",
"id": "105108",
"trust": 2.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/06/28/2",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/07/06/4",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/07/06/3",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-377115",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041476",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041637",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0545",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0623",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0854",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0675",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-105-05",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148928",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-135422",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5391",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148915",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148912",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150057",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149832",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150314",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148913",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149546",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"id": "VAR-201809-1153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135422"
}
],
"trust": 0.617889808
},
"last_update_date": "2025-12-22T19:56:45.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=84156"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182846 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183459 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182785 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182925 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4272-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c4fc75c3940ecd62e6e3d43c90c1ead1"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182791 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182924 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183590 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183540 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182933 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183586 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201903-11] linux-hardened: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-11"
},
{
"title": "Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-2"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0e5803196f7b186e3c0e200d43325ad6"
},
{
"title": "Red Hat: CVE-2018-5391",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5391"
},
{
"title": "Cisco: Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180824-linux-ip-fragment"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-5391"
},
{
"title": "Ubuntu Security Notice: linux regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-3"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-2"
},
{
"title": "IBM: IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5babfeb02fdf3e145c777d8eb6dfd0f"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-1"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cb5671de27781f97454cf1b56d2087e0"
},
{
"title": "IBM: IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4b24750b4f4494d02c26c4b32a0e107a"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-3"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-2"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-1"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d3eead9065d15844d9f0f319ebc3ef51"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1058"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1058"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=0944feb15e174ce784cc2c5c40d923ea"
},
{
"title": "Red Hat: Important: kernel-alt security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182948 - Security Advisory"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2018-5391 Information about FragmentSmack findings",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3c616fb9e55ec6924cfd6ba2622c6c7e"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183083 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183096 - Security Advisory"
},
{
"title": "Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=b3193a96468975c04eb9f136ca9abec4"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=75b9d198a73a91d81765c8b428423224"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=204a1aa9ebf7b5f47151e8b011269862"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=05b5bbd6fb289370b459faf1f4e3919d"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "my_ref",
"trust": 0.1,
"url": "https://github.com/chetanshirke/my_ref "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ozipoetra/natvps-dns "
},
{
"title": "cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/windows-systems-vulnerable-to-fragmentsmack-90s-like-dos-bug/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/linux/two-ddos-friendly-bugs-fixed-in-linux-kernel/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/over-80-cisco-products-affected-by-fragmentsmack-dos-bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/105108"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"trust": 2.2,
"url": "https://www.kb.cert.org/vuls/id/641765"
},
{
"trust": 2.1,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3740-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3740-2/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3741-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3741-2/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2785"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2846"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2925"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3083"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3096"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3540"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3590"
},
{
"trust": 1.8,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-004.txt"
},
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20181003-0002/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4272"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2791"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2924"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2933"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2948"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3459"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3586"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041476"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041637"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/5782-security-advisory-37"
},
{
"trust": 1.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180022"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5391"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2018-5391"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk134253"
},
{
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/3553061https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://www.suse.com/security/cve/cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://people.canonical.com/"
},
{
"trust": 0.8,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-690"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_security_mini_bulletin_xrx19ak_for_altalinkb80xx-c80xx.pdf"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872368"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1315/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75930"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190123-01-linux-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76246"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10792535"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76474"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180824-linux-ip-fragment"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77246"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-linux-cn"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-05"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18344"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/3553061"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-18344"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14634"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14634"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10675"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-10675"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609664"
},
{
"trust": 0.3,
"url": "http://www.kernel.org/"
},
{
"trust": 0.3,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/131"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2018-5142979.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 0.3,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5390"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3740-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-13405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-7740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5344"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10940"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1092"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1120"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13405"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000026"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1094"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-7757"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10940"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1118"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1130"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-10661"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-17805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8830"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10883"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5848"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10322"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4913"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10883"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1118"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5803"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10878"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1000026"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-0861"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-8781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8830"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4913"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1130"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10661"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1120"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10878"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5344"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/chetanshirke/my_ref"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3742-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.13.0-155.205"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1019.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1019.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1015.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1020.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-32.35"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3635371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3684891"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-32.35~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21~16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3740-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5390"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-14T00:00:00",
"db": "CERT/CC",
"id": "VU#641765"
},
{
"date": "2018-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-135422"
},
{
"date": "2018-09-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105108"
},
{
"date": "2018-08-15T04:42:52",
"db": "PACKETSTORM",
"id": "148915"
},
{
"date": "2018-08-15T04:42:35",
"db": "PACKETSTORM",
"id": "148912"
},
{
"date": "2018-08-14T22:22:00",
"db": "PACKETSTORM",
"id": "148928"
},
{
"date": "2018-10-31T01:11:41",
"db": "PACKETSTORM",
"id": "150068"
},
{
"date": "2018-10-31T01:00:50",
"db": "PACKETSTORM",
"id": "150057"
},
{
"date": "2018-10-09T17:02:09",
"db": "PACKETSTORM",
"id": "149726"
},
{
"date": "2018-10-17T15:42:22",
"db": "PACKETSTORM",
"id": "149832"
},
{
"date": "2018-11-14T01:33:23",
"db": "PACKETSTORM",
"id": "150315"
},
{
"date": "2018-11-14T01:33:01",
"db": "PACKETSTORM",
"id": "150314"
},
{
"date": "2018-08-15T04:42:40",
"db": "PACKETSTORM",
"id": "148913"
},
{
"date": "2018-09-25T23:02:55",
"db": "PACKETSTORM",
"id": "149546"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"date": "2018-09-06T21:29:00.363000",
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CERT/CC",
"id": "VU#641765"
},
{
"date": "2022-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-135422"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"date": "2019-02-15T14:00:00",
"db": "BID",
"id": "105108"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"date": "2024-11-21T04:08:43.897000",
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux kernel IP fragment re-assembly vulnerable to denial of service",
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
],
"trust": 0.6
}
}
VAR-201603-0205
Vulnerability from variot - Updated: 2025-11-18 15:06Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. This vulnerability is CVE-2016-0963 and CVE-2016-0993 This is a different vulnerability.An attacker could execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1010",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1010",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88842",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1010",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-1010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1010",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88842",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1010",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. This vulnerability is CVE-2016-0963 and CVE-2016-0993 This is a different vulnerability.An attacker could execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1010"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1010",
"trust": 2.8
},
{
"db": "BID",
"id": "84308",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-91436",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88842",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"id": "VAR-201603-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88842"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:58.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product Integer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60537"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/03/10/adobe_flash_march_updates/"
},
{
"title": "Red Hat: CVE-2016-1010",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1010"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0993 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0963 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1010 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/kaspersky-security-bulletin-2016-executive-summary/76858/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/76396/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/it-threat-evolution-in-q2-2016-overview/75615/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/operation-daybreak/75100/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84308"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-1010"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1010"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1010"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/03/10/adobe_flash_march_updates/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88842"
},
{
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88842"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"date": "2016-03-12T15:59:25.090000",
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88842"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1010"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-178"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001743"
},
{
"date": "2025-10-22T00:15:48.967000",
"db": "NVD",
"id": "CVE-2016-1010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to integer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001743"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-178"
}
],
"trust": 0.6
}
}
VAR-201602-0334
Vulnerability from variot - Updated: 2025-11-18 15:06Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983. This vulnerability CVE-2016-0973 , CVE-2016-0974 , CVE-2016-0975 , CVE-2016-0982 ,and CVE-2016-0983 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0984",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0984",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88494",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0984",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0984",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-0984",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0984",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-242",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88494",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0984",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983. This vulnerability CVE-2016-0973 , CVE-2016-0974 , CVE-2016-0975 , CVE-2016-0982 ,and CVE-2016-0983 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0984"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88494",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39462",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0984",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39462",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "135822",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88494",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"id": "VAR-201602-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:58.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60184"
},
{
"title": "Red Hat: CVE-2016-0984",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0984"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/apt-trends-report-q2-2017/79332/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39462/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-0984"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0984"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0984"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88494"
},
{
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88494"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"date": "2016-02-10T20:59:32.563000",
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-88494"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0984"
},
{
"date": "2023-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-242"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001437"
},
{
"date": "2025-10-22T00:15:48.023000",
"db": "NVD",
"id": "CVE-2016-0984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-242"
}
],
"trust": 0.6
}
}
VAR-201606-0508
Vulnerability from variot - Updated: 2025-11-18 15:06Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Attack activity using this vulnerability has been confirmed. For more information, APSA16-03 and APSB16-18 Please confirm. APSA16-03 https://helpx.adobe.com/jp/security/products/flash-player/apsa16-03.html APSB16-18 https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.htmlCrafted SWF Web pages with content, HTML document, PDF File, Microsoft Office An arbitrary code may be executed by opening a document. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Flash Player 21.0.0.242 and prior versions are vulnerable. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1238-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1238 Issue date: 2016-06-17 CVE Names: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 =====================================================================
- Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1346665 - flash-plugin: multiple code execution issues fixed in APSB16-18
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.626-1.el5_11.i386.rpm
x86_64: flash-plugin-11.2.202.626-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.626-1.el5_11.i386.rpm
x86_64: flash-plugin-11.2.202.626-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-4122 https://access.redhat.com/security/cve/CVE-2016-4123 https://access.redhat.com/security/cve/CVE-2016-4124 https://access.redhat.com/security/cve/CVE-2016-4125 https://access.redhat.com/security/cve/CVE-2016-4127 https://access.redhat.com/security/cve/CVE-2016-4128 https://access.redhat.com/security/cve/CVE-2016-4129 https://access.redhat.com/security/cve/CVE-2016-4130 https://access.redhat.com/security/cve/CVE-2016-4131 https://access.redhat.com/security/cve/CVE-2016-4132 https://access.redhat.com/security/cve/CVE-2016-4133 https://access.redhat.com/security/cve/CVE-2016-4134 https://access.redhat.com/security/cve/CVE-2016-4135 https://access.redhat.com/security/cve/CVE-2016-4136 https://access.redhat.com/security/cve/CVE-2016-4137 https://access.redhat.com/security/cve/CVE-2016-4138 https://access.redhat.com/security/cve/CVE-2016-4139 https://access.redhat.com/security/cve/CVE-2016-4140 https://access.redhat.com/security/cve/CVE-2016-4141 https://access.redhat.com/security/cve/CVE-2016-4142 https://access.redhat.com/security/cve/CVE-2016-4143 https://access.redhat.com/security/cve/CVE-2016-4144 https://access.redhat.com/security/cve/CVE-2016-4145 https://access.redhat.com/security/cve/CVE-2016-4146 https://access.redhat.com/security/cve/CVE-2016-4147 https://access.redhat.com/security/cve/CVE-2016-4148 https://access.redhat.com/security/cve/CVE-2016-4149 https://access.redhat.com/security/cve/CVE-2016-4150 https://access.redhat.com/security/cve/CVE-2016-4151 https://access.redhat.com/security/cve/CVE-2016-4152 https://access.redhat.com/security/cve/CVE-2016-4153 https://access.redhat.com/security/cve/CVE-2016-4154 https://access.redhat.com/security/cve/CVE-2016-4155 https://access.redhat.com/security/cve/CVE-2016-4156 https://access.redhat.com/security/cve/CVE-2016-4166 https://access.redhat.com/security/cve/CVE-2016-4171 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXY7HIXlSAg2UNWIIRAmytAJ9KBVDAyt7RbmNznJhC6uA9WwA6tACfSNyo /QNQeCm3xe5AByAOnb1Veh0= =5kdV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose
"www-plugins/adobe-flash-11.2.202.626"
References
[ 1 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 2 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 3 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 4 ] CVE-2016-4117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 5 ] CVE-2016-4117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 6 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 7 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 8 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 9 ] CVE-2016-4121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121
[ 10 ] CVE-2016-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160
[ 11 ] CVE-2016-4161
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161
[ 12 ] CVE-2016-4162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162
[ 13 ] CVE-2016-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163
[ 14 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 15 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 16 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.621"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "21.0.0.242"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "linux enterprise workstation extension",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.352"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.626 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "22.0.0.192 (windows 10/8.1 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "22.0.0.192 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 22.0.0.192 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.360 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 i386"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 x86_64"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 i386"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 x86_64"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 i386"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 x86_64"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 i386"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 x86_64"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 i386"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 x86_64"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 i386"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6 x86_64"
},
{
"model": "windows 10",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.53.64"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.51.66"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.452"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3218"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.22.87"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.15.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.36"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.35"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.262"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.2460"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.152.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.151.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.124.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.48.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.47.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.45.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.31.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.289.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.283.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.280"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.28.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.277.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.262.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.260.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.246.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.159.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.155.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.115.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8.0.35.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8.0.34.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.73.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.70.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.69.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.68.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.67.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.66.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.61.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.60.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.53.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.24.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.19.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.14.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "6.0.79"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "6.0.21.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.229"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.223"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.112.61"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.9"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.63"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.62"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.55"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.1.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.4"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.26"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.14"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.159.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.157.51"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.156.12"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.28"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.27"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.24"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.13"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.153.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.33"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.32"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.85.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.82.76"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.15"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.14.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.106.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.105.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.65"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.64"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.42.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.32.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "BID",
"id": "91184"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anton Ivanov and Costin Raiu of Kaspersky Lab",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.1,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4171",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-003167",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-92990",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-4171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-003167",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4171",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-4171",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4171",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-003167",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-343",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-92990",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-4171",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "VULHUB",
"id": "VHN-92990"
},
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Attack activity using this vulnerability has been confirmed. For more information, APSA16-03 and APSB16-18 Please confirm. APSA16-03 https://helpx.adobe.com/jp/security/products/flash-player/apsa16-03.html APSB16-18 https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.htmlCrafted SWF Web pages with content, HTML document, PDF File, Microsoft Office An arbitrary code may be executed by opening a document. Failed exploit attempts will likely cause a denial-of-service condition. \nAdobe Flash Player 21.0.0.242 and prior versions are vulnerable. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:1238-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1238\nIssue date: 2016-06-17\nCVE Names: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 \n CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 \n CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 \n CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 \n CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 \n CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 \n CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 \n CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 \n CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 \n CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 \n CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 \n CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 \n=====================================================================\n\n1. Summary:\n\nAn update for flash-plugin is now available for Red Hat Enterprise Linux 5\nSupplementary and Red Hat Enterprise Linux 6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. These\nvulnerabilities, detailed in the Adobe Security Bulletin listed in the\nReferences section, could allow an attacker to create a specially crafted\nSWF file that would cause flash-plugin to crash, execute arbitrary code, or\ndisclose sensitive information when the victim loaded a page containing the\nmalicious SWF content. (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124,\nCVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130,\nCVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135,\nCVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140,\nCVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145,\nCVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150,\nCVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155,\nCVE-2016-4156, CVE-2016-4166, CVE-2016-4171)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1346665 - flash-plugin: multiple code execution issues fixed in APSB16-18\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.626-1.el5_11.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.626-1.el5_11.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.626-1.el5_11.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.626-1.el5_11.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.626-1.el6_8.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-4122\nhttps://access.redhat.com/security/cve/CVE-2016-4123\nhttps://access.redhat.com/security/cve/CVE-2016-4124\nhttps://access.redhat.com/security/cve/CVE-2016-4125\nhttps://access.redhat.com/security/cve/CVE-2016-4127\nhttps://access.redhat.com/security/cve/CVE-2016-4128\nhttps://access.redhat.com/security/cve/CVE-2016-4129\nhttps://access.redhat.com/security/cve/CVE-2016-4130\nhttps://access.redhat.com/security/cve/CVE-2016-4131\nhttps://access.redhat.com/security/cve/CVE-2016-4132\nhttps://access.redhat.com/security/cve/CVE-2016-4133\nhttps://access.redhat.com/security/cve/CVE-2016-4134\nhttps://access.redhat.com/security/cve/CVE-2016-4135\nhttps://access.redhat.com/security/cve/CVE-2016-4136\nhttps://access.redhat.com/security/cve/CVE-2016-4137\nhttps://access.redhat.com/security/cve/CVE-2016-4138\nhttps://access.redhat.com/security/cve/CVE-2016-4139\nhttps://access.redhat.com/security/cve/CVE-2016-4140\nhttps://access.redhat.com/security/cve/CVE-2016-4141\nhttps://access.redhat.com/security/cve/CVE-2016-4142\nhttps://access.redhat.com/security/cve/CVE-2016-4143\nhttps://access.redhat.com/security/cve/CVE-2016-4144\nhttps://access.redhat.com/security/cve/CVE-2016-4145\nhttps://access.redhat.com/security/cve/CVE-2016-4146\nhttps://access.redhat.com/security/cve/CVE-2016-4147\nhttps://access.redhat.com/security/cve/CVE-2016-4148\nhttps://access.redhat.com/security/cve/CVE-2016-4149\nhttps://access.redhat.com/security/cve/CVE-2016-4150\nhttps://access.redhat.com/security/cve/CVE-2016-4151\nhttps://access.redhat.com/security/cve/CVE-2016-4152\nhttps://access.redhat.com/security/cve/CVE-2016-4153\nhttps://access.redhat.com/security/cve/CVE-2016-4154\nhttps://access.redhat.com/security/cve/CVE-2016-4155\nhttps://access.redhat.com/security/cve/CVE-2016-4156\nhttps://access.redhat.com/security/cve/CVE-2016-4166\nhttps://access.redhat.com/security/cve/CVE-2016-4171\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-18.html\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-03.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXY7HIXlSAg2UNWIIRAmytAJ9KBVDAyt7RbmNznJhC6uA9WwA6tACfSNyo\n/QNQeCm3xe5AByAOnb1Veh0=\n=5kdV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose\n\"www-plugins/adobe-flash-11.2.202.626\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 2 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 3 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 4 ] CVE-2016-4117\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117\n[ 5 ] CVE-2016-4117\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117\n[ 6 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 7 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 8 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 9 ] CVE-2016-4121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121\n[ 10 ] CVE-2016-4160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160\n[ 11 ] CVE-2016-4161\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161\n[ 12 ] CVE-2016-4162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162\n[ 13 ] CVE-2016-4163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163\n[ 14 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n[ 15 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n[ 16 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4171"
},
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "BID",
"id": "91184"
},
{
"db": "VULHUB",
"id": "VHN-92990"
},
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "PACKETSTORM",
"id": "137517"
},
{
"db": "PACKETSTORM",
"id": "137537"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/748992",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#748992",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4171",
"trust": 3.1
},
{
"db": "BID",
"id": "91184",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036094",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU99609116",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-92990",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4171",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137517",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137537",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "VULHUB",
"id": "VHN-92990"
},
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "BID",
"id": "91184"
},
{
"db": "PACKETSTORM",
"id": "137517"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"id": "VAR-201606-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92990"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:54.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-18",
"trust": 0.8,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
},
{
"title": "APSA16-03",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsa16-03.html"
},
{
"title": "APSB16-18",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html"
},
{
"title": "APSA16-03",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/flash-player/apsa16-03.html"
},
{
"title": "5 \u3064\u306e\u30b9\u30c6\u30c3\u30d7\u3067 Flash Player \u3092\u7c21\u5358\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/flash-player.html"
},
{
"title": "Flash Player \u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb | Mac OS",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/flash-player/kb/uninstall-flash-player-mac-os.html"
},
{
"title": "Flash Player \u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb | Windows",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/flash-player/kb/uninstall-flash-player-windows.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "MS16-083",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/ms16-083.aspx"
},
{
"title": "RHSA-2016:1238",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"title": "MS16-083",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/ms16-083.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160620f.html"
},
{
"title": "Adobe Flash Player Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62287"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/06/16/adobe_36_flash_flaws/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/06/15/east_euro_crims_pwning_high_profile_victims_with_flash_zero_day/"
},
{
"title": "Red Hat: CVE-2016-4171",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-4171"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/kaspersky-security-bulletin-2016-executive-summary/76858/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/76396/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/it-threat-evolution-in-q2-2016-statistics/75640/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/operation-daybreak/75100/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/fix-coming-for-flash-vulnerability-under-attack/118652/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
},
{
"trust": 2.7,
"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-03.html"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/748992"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-08"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1238"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/91184"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036094"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/vulnrichment/issues/196"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-4171"
},
{
"trust": 0.8,
"url": "https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html"
},
{
"trust": 0.8,
"url": "https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html"
},
{
"trust": 0.8,
"url": "http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4171"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160615-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160026.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99609116/"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4171"
},
{
"trust": 0.8,
"url": "http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=18592"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/06/16/adobe_36_flash_flaws/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4142"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4171"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4142"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4123"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4132"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4138"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4152"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4147"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4124"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4138"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4145"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4120"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4120"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4171"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4161"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4163"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "VULHUB",
"id": "VHN-92990"
},
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "BID",
"id": "91184"
},
{
"db": "PACKETSTORM",
"id": "137517"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#748992"
},
{
"db": "VULHUB",
"id": "VHN-92990"
},
{
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"db": "BID",
"id": "91184"
},
{
"db": "PACKETSTORM",
"id": "137517"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-15T00:00:00",
"db": "CERT/CC",
"id": "VU#748992"
},
{
"date": "2016-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-92990"
},
{
"date": "2016-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91184"
},
{
"date": "2016-06-17T23:50:16",
"db": "PACKETSTORM",
"id": "137517"
},
{
"date": "2016-06-18T13:14:00",
"db": "PACKETSTORM",
"id": "137537"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"date": "2016-06-16T14:59:51.017000",
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-16T00:00:00",
"db": "CERT/CC",
"id": "VU#748992"
},
{
"date": "2017-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-92990"
},
{
"date": "2021-11-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4171"
},
{
"date": "2016-07-06T15:01:00",
"db": "BID",
"id": "91184"
},
{
"date": "2021-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-343"
},
{
"date": "2016-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003167"
},
{
"date": "2025-11-17T20:15:47.760000",
"db": "NVD",
"id": "CVE-2016-4171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash memory corruption vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#748992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-343"
}
],
"trust": 0.6
}
}
VAR-201605-0105
Vulnerability from variot - Updated: 2025-11-18 15:06Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. Attacks on this vulnerability 2016 Year 5 Observed on the moon.A third party may execute arbitrary code. Limited information is currently available regarding this issue. We will update this BID as more information emerges. Failed exploit attempts will likely cause a denial-of-service condition. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.343 and earlier versions, AIR Desktop Runtime 21.0.0.198 and earlier versions, based on Windows , Macintosh, Linux and ChromeOS platforms Adobe Flash Player for Google Chrome 21.0.0.216 and previous versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.241 and previous versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 21.0.0.241 and earlier versions, Adobe Flash Player for Linux 11.2.202.616 and earlier versions based on Linux platforms, AIR SDK 21.0.0.198 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 21.0.0.198 and earlier versions.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose
"www-plugins/adobe-flash-11.2.202.626"
References
[ 1 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 2 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 3 ] CVE-2016-1019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 4 ] CVE-2016-4117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 5 ] CVE-2016-4117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 6 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 7 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 8 ] CVE-2016-4120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 9 ] CVE-2016-4121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121
[ 10 ] CVE-2016-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160
[ 11 ] CVE-2016-4161
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161
[ 12 ] CVE-2016-4162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162
[ 13 ] CVE-2016-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163
[ 14 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 15 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 16 ] CVE-2016-4171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:1079-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1079.html
Issue date: 2016-05-13
CVE Names: CVE-2016-1096 CVE-2016-1097 CVE-2016-1098
CVE-2016-1099 CVE-2016-1100 CVE-2016-1101
CVE-2016-1102 CVE-2016-1103 CVE-2016-1104
CVE-2016-1105 CVE-2016-1106 CVE-2016-1107
CVE-2016-1108 CVE-2016-1109 CVE-2016-1110
CVE-2016-4108 CVE-2016-4109 CVE-2016-4110
CVE-2016-4111 CVE-2016-4112 CVE-2016-4113
CVE-2016-4114 CVE-2016-4115 CVE-2016-4116
CVE-2016-4117
=====================================================================
- Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
This update upgrades Flash Player to version 11.2.202.621. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098,
CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,
CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108,
CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110,
CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,
CVE-2016-4116, CVE-2016-4117)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1335058 - flash-plugin: multiple code execution issues fixed in APSB16-15
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.621-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.621-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.621-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.621-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-1096
https://access.redhat.com/security/cve/CVE-2016-1097
https://access.redhat.com/security/cve/CVE-2016-1098
https://access.redhat.com/security/cve/CVE-2016-1099
https://access.redhat.com/security/cve/CVE-2016-1100
https://access.redhat.com/security/cve/CVE-2016-1101
https://access.redhat.com/security/cve/CVE-2016-1102
https://access.redhat.com/security/cve/CVE-2016-1103
https://access.redhat.com/security/cve/CVE-2016-1104
https://access.redhat.com/security/cve/CVE-2016-1105
https://access.redhat.com/security/cve/CVE-2016-1106
https://access.redhat.com/security/cve/CVE-2016-1107
https://access.redhat.com/security/cve/CVE-2016-1108
https://access.redhat.com/security/cve/CVE-2016-1109
https://access.redhat.com/security/cve/CVE-2016-1110
https://access.redhat.com/security/cve/CVE-2016-4108
https://access.redhat.com/security/cve/CVE-2016-4109
https://access.redhat.com/security/cve/CVE-2016-4110
https://access.redhat.com/security/cve/CVE-2016-4111
https://access.redhat.com/security/cve/CVE-2016-4112
https://access.redhat.com/security/cve/CVE-2016-4113
https://access.redhat.com/security/cve/CVE-2016-4114
https://access.redhat.com/security/cve/CVE-2016-4115
https://access.redhat.com/security/cve/CVE-2016-4116
https://access.redhat.com/security/cve/CVE-2016-4117
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXNYc9XlSAg2UNWIIRAtopAKDCq8K7AWR/+AAKrOpY2PWlaTYsUQCffEl1
I1hRJ8VqBTq66tQjdN0l5dE=
=xrRV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0105",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server from rhui",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "enterprise linux server from rhui",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise workstation extension",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "evergreen",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "21.0.0.226"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.215 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.215 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.215 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.621 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.242 (windows 10/8.1 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.242 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.242 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.352 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "11"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0179"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0177"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0176"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0259"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0252"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0214"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0182"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.070"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700275"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700232"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700169"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.6.602105"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502131"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502124"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502118"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.50080"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.4.400231"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300271"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300270"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300268"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300265"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300262"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300257"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300250"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300231"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300214"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.20295"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202425"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202418"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202400"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202359"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202350"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202346"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202341"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202297"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202280"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202238"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202236"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202221"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202197"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202160"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.11569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.11554"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.11164"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.11150"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.198"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.160"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.1129"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.53.64"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.51.66"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.452"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3218"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.22.87"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.15.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.36"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.35"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.262"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.2460"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.152.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.151.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.124.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.9.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.8.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.48.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.47.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.45.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.31.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.289.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.283.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.280"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.28.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.277.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.262.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.260.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.246.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.159.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.155.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0.115.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8.0.35.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8.0.34.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.73.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.70.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.69.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.68.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.67.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.66.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.61.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.60.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.53.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.24.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.19.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7.0.14.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "6.0.79"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "6.0.21.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "4"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.241"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.216"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.213"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.197"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.182"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.267"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.343"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.333"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.324"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.268"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.261"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.255"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.252"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.241"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.232"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.209"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.204"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.203"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.194"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.161"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.160"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.143"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.188"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.169"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.134"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.305"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.296"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.291"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.287"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.257"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.234"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.246"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.242"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.239"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.223"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.189"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.145"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.125"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.309"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.302"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.296"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.292"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.289"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.281"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.277"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.269"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.264"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.262"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.260"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.258"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.250"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.244"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.241"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.231"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.223"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.206"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0.0.201"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.0.0.77"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.0.0.44"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.0.0.43"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.0.0.41"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12.0.0.38"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "12"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.9.900.170"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.9.900.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.9.900.117"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.8.800.97"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.8.800.94"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.8.800.170"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.8.800.168"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.279"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.272"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.269"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.261"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.260"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.257"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.252"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.242"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.225"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.224"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.203"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.7.700.202"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.6.602.180"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.6.602.171"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.6.602.168"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.6.602.167"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502.149"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502.146"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502.136"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502.135"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.502.110"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.4.402.287"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.4.402.278"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.4.402.265"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.378.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.31.230"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.3.300.273"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.616"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.577"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.554"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.548"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.540"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.535"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.521"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.508"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.491"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.481"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.468"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.466"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.460"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.457"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.451"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.442"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.440"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.438"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.429"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.424"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.411"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.406"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.394"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.378"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.356"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.336"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.335"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.332"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.327"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.310"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.291"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.285"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.275"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.273"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.270"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.262"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.261"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.258"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.251"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.243"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.238"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.229"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.223"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.81"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.63"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.59"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.58"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.48"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.115.11"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.112.61"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.9"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.73"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.54"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.44"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.111.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.63"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.62"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.59"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.55"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.1.153"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.1.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.24"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.86"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.75"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.68"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.67"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.63"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.61"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.51"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.50"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.48"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.43"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.4"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.29"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.20"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.19"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.15"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.11"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.26"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.14"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.159.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.157.51"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.156.12"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.28"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.27"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.24"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.13"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.153.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.33"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.32"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.26"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.8"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.85.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.82.76"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.15"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.14.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.14"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.106.17"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.106.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.105.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.65"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.64"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.42.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.32.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.2.54"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0356"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0178"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.083"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0111"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "4.0.0.1390"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.9.0.1380"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.198"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.176"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.204"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.213"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.190"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.199"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.180"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.144"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.143"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.172"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.144"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.272"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.302"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.249"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.179"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.137"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.110"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.7.0.16600"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.7.0.15300"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0356"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0179"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0178"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.083"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "13.0111"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "4.01628"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.71860"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.71660"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.71530"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.33610"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.0.4"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.0.3"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.3.9130"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.3.9120"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.3"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.2"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.1"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "4.0.0.1390"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "4"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.9.0.1380"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.9.0.1210"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.9.0.1060"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.9.0.1030"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.8.0.910"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.8.0.870"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.8.0.1430"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.7.0.2100"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.7.0.2090"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.6.0.6090"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.6.0.599"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.6.0.597"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.5.0.890"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.5.0.880"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.5.0.600"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.5.0.1060"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.4.0.2710"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.4.0.2540"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.3.0.3690"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.3.0.3670"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.3.0.3650"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.2.0.2080"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.2.0.2070"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.2.0.207"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.1.0.4880"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.1.0.488"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.1.0.485"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.0.0.4080"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.0.0.408"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "3.0"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.198"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.176"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "20.0.0.204"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.1.19610"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.1.1961"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.1"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.0.19530"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.0.1953"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.0.19480"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7.0.1948"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.7"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.6.19140"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.6.19120"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.6.0.19140"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.6.0.19120"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.6"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.5.1.17730"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.5.1"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.5.0.16600"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.0.3.13070"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.0.2.12610"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "2.0.2"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.213"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "19.0.0.190"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.199"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.180"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.144"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.143"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.172"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "17.0.0.144"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.272"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "16.0.0.245"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.293"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.252"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "15.0.0.249"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.137"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "14.0.0.110"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.1.8210"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5.0.7220"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.5"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.1.0.5790"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.1"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.01"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.0.8.4990"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.0.4990"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.0.1"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "1.0"
},
{
"model": "flash player",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.242"
},
{
"model": "flash player",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "18.0.0.352"
},
{
"model": "flash player",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "11.2.202.621"
},
{
"model": "air sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.215"
},
{
"model": "air",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "21.0.0.215"
}
],
"sources": [
{
"db": "BID",
"id": "90505"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genwei Jiang of FireEye, Inc.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4117",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-92936",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4117",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-4117",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4117",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4117",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-4117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4117",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-355",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-92936",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-4117",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. Attacks on this vulnerability 2016 Year 5 Observed on the moon.A third party may execute arbitrary code. \nLimited information is currently available regarding this issue. We will update this BID as more information emerges. Failed exploit attempts will likely cause a denial-of-service condition. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.343 and earlier versions, AIR Desktop Runtime 21.0.0.198 and earlier versions, based on Windows , Macintosh, Linux and ChromeOS platforms Adobe Flash Player for Google Chrome 21.0.0.216 and previous versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.241 and previous versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 21.0.0.241 and earlier versions, Adobe Flash Player for Linux 11.2.202.616 and earlier versions based on Linux platforms, AIR SDK 21.0.0.198 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 21.0.0.198 and earlier versions. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose\n\"www-plugins/adobe-flash-11.2.202.626\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 2 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 3 ] CVE-2016-1019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019\n[ 4 ] CVE-2016-4117\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117\n[ 5 ] CVE-2016-4117\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117\n[ 6 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 7 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 8 ] CVE-2016-4120\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120\n[ 9 ] CVE-2016-4121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121\n[ 10 ] CVE-2016-4160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160\n[ 11 ] CVE-2016-4161\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161\n[ 12 ] CVE-2016-4162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162\n[ 13 ] CVE-2016-4163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163\n[ 14 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n[ 15 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n[ 16 ] CVE-2016-4171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:1079-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1079.html\nIssue date: 2016-05-13\nCVE Names: CVE-2016-1096 CVE-2016-1097 CVE-2016-1098 \n CVE-2016-1099 CVE-2016-1100 CVE-2016-1101 \n CVE-2016-1102 CVE-2016-1103 CVE-2016-1104 \n CVE-2016-1105 CVE-2016-1106 CVE-2016-1107 \n CVE-2016-1108 CVE-2016-1109 CVE-2016-1110 \n CVE-2016-4108 CVE-2016-4109 CVE-2016-4110 \n CVE-2016-4111 CVE-2016-4112 CVE-2016-4113 \n CVE-2016-4114 CVE-2016-4115 CVE-2016-4116 \n CVE-2016-4117 \n=====================================================================\n\n1. Summary:\n\nAn update for flash-plugin is now available for Red Hat Enterprise Linux 5\nSupplementary and Red Hat Enterprise Linux 6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. \n\nThis update upgrades Flash Player to version 11.2.202.621. These\nvulnerabilities, detailed in the Adobe Security Bulletin listed in the\nReferences section, could allow an attacker to create a specially crafted\nSWF file that would cause flash-plugin to crash, execute arbitrary code, or\ndisclose sensitive information when the victim loaded a page containing the\nmalicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098,\nCVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,\nCVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108,\nCVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110,\nCVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,\nCVE-2016-4116, CVE-2016-4117)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1335058 - flash-plugin: multiple code execution issues fixed in APSB16-15\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.621-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.621-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.621-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.621-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.621-1.el6_8.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-1096\nhttps://access.redhat.com/security/cve/CVE-2016-1097\nhttps://access.redhat.com/security/cve/CVE-2016-1098\nhttps://access.redhat.com/security/cve/CVE-2016-1099\nhttps://access.redhat.com/security/cve/CVE-2016-1100\nhttps://access.redhat.com/security/cve/CVE-2016-1101\nhttps://access.redhat.com/security/cve/CVE-2016-1102\nhttps://access.redhat.com/security/cve/CVE-2016-1103\nhttps://access.redhat.com/security/cve/CVE-2016-1104\nhttps://access.redhat.com/security/cve/CVE-2016-1105\nhttps://access.redhat.com/security/cve/CVE-2016-1106\nhttps://access.redhat.com/security/cve/CVE-2016-1107\nhttps://access.redhat.com/security/cve/CVE-2016-1108\nhttps://access.redhat.com/security/cve/CVE-2016-1109\nhttps://access.redhat.com/security/cve/CVE-2016-1110\nhttps://access.redhat.com/security/cve/CVE-2016-4108\nhttps://access.redhat.com/security/cve/CVE-2016-4109\nhttps://access.redhat.com/security/cve/CVE-2016-4110\nhttps://access.redhat.com/security/cve/CVE-2016-4111\nhttps://access.redhat.com/security/cve/CVE-2016-4112\nhttps://access.redhat.com/security/cve/CVE-2016-4113\nhttps://access.redhat.com/security/cve/CVE-2016-4114\nhttps://access.redhat.com/security/cve/CVE-2016-4115\nhttps://access.redhat.com/security/cve/CVE-2016-4116\nhttps://access.redhat.com/security/cve/CVE-2016-4117\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-15.html\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-02.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXNYc9XlSAg2UNWIIRAtopAKDCq8K7AWR/+AAKrOpY2PWlaTYsUQCffEl1\nI1hRJ8VqBTq66tQjdN0l5dE=\n=xrRV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4117"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "BID",
"id": "90505"
},
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "PACKETSTORM",
"id": "136991"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-92936",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46339",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4117",
"trust": 3.1
},
{
"db": "BID",
"id": "90505",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1035826",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "46339",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1148",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151589",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-92936",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4117",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137537",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136991",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "BID",
"id": "90505"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "PACKETSTORM",
"id": "136991"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"id": "VAR-201605-0105",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92936"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:54.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSA16-02",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsa16-02.html"
},
{
"title": "APSB16-15",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-15.html"
},
{
"title": "APSA16-02",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsa16-02.html"
},
{
"title": "APSB16-15",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-15.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "MS16-064",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/ms16-064.aspx"
},
{
"title": "MS16-064",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/ms16-064.aspx"
},
{
"title": "Adobe Flash Player Fixes for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61673"
},
{
"title": "CVE-2016-4117-Report",
"trust": 0.1,
"url": "https://github.com/amit-raut/CVE-2016-4117-Report "
},
{
"title": "panopticon-FancyBear",
"trust": 0.1,
"url": "https://github.com/Panopticon-Project/panopticon-FancyBear "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-flash-zero-day-used-by-blackoasis-apt/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/apt-trends-report-q2-2017/79332/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/university-college-london-ransomware-linked-to-adgholas-malvertising-group/126405/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/12/08/masterful_malvertisers_pwn_channel_9_sky_msn_in_stealth_attacks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/flash-exploit-found-in-seven-exploit-kits/122284/"
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/new-stegano-exploit-kit-hides-malvertising-code-in-image-pixels/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/rig-picks-up-where-neutrino-left-off-pushes-crypmic-ransomware/120735/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/09/05/sundown_exploit_kit_authors_champions_of_copypaste_hacking/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/it-threat-evolution-in-q2-2016-statistics/75640/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/operation-daybreak/75100/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/06/15/east_euro_crims_pwning_high_profile_victims_with_flash_zero_day/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cryptxxx-ransomware-jumps-from-angler-to-neutrino-exploit-kit/118570/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/05/25/flash_flaw_abused_to_sling_ransomware/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/two-exploit-kits-spreading-attacks-for-recent-flash-player-zero-day/118236/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/05/12/adobesighissues_critical_patchsighfor_flash_player_zero_day/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/emergency-flash-update-patches-public-zero-day/118055/"
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2016/05/12/adobe-flash-zero-day-in-wild/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/05/12/flash_zero_day_hole/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/adobe-warns-of-flash-zero-day-patches-acrobat-reader/117981/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-releases-updates-for-reader-acrobat-coldfusion-releases-advisory-on-flash/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"
},
{
"trust": 1.6,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/90505"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201606-08"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1079.html"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/46339/"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035826"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/vulnrichment/issues/196"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-4117"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4117"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160511-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2016/at160024.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4117"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=18389"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/render.html?it=34338"
},
{
"trust": 0.3,
"url": "https://www.adobe.com/software/flash/about/"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/ms16-064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4117"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/amit-raut/cve-2016-4117-report"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/46339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4120"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4120"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4171"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4161"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4163"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1102"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1109"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1102"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1101"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1101"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1098"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1100"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4108"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1100"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1110"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1097"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1108"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4117"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1104"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4109"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4109"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1096"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "BID",
"id": "90505"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "PACKETSTORM",
"id": "136991"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92936"
},
{
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"db": "BID",
"id": "90505"
},
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "PACKETSTORM",
"id": "136991"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-92936"
},
{
"date": "2016-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90505"
},
{
"date": "2016-06-18T13:14:00",
"db": "PACKETSTORM",
"id": "137537"
},
{
"date": "2016-05-13T16:14:26",
"db": "PACKETSTORM",
"id": "136991"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"date": "2016-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"date": "2016-05-11T01:59:46.137000",
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-92936"
},
{
"date": "2019-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4117"
},
{
"date": "2017-09-28T17:00:00",
"db": "BID",
"id": "90505"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-355"
},
{
"date": "2016-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002599"
},
{
"date": "2025-11-17T20:15:47.213000",
"db": "NVD",
"id": "CVE-2016-4117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137537"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002599"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-355"
}
],
"trust": 0.6
}
}
VAR-201703-0607
Vulnerability from variot - Updated: 2025-04-20 23:16Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021. According to Microsoft security bulletins, this vulnerability Hyper-V vSMB As a remote code execution vulnerability. Microsoft Windows is a series of operating systems from Microsoft Corporation. Hyper-V is one of these virtualization products. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0607",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1511"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1607 for x64-based systems"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems (server core install )"
},
{
"model": "windows gold",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "10"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "101511"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "101607"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "windows hyper-v",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "windows server 2016",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "BID",
"id": "96699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2016",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Bar Or, Windows Defender ATP Research Team.",
"sources": [
{
"db": "BID",
"id": "96699"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CVE-2017-0095",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CNVD-2017-03849",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2017-0095",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-0095",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-0095",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03849",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-761",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka \"Hyper-V vSMB Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0021. According to Microsoft security bulletins, this vulnerability Hyper-V vSMB As a remote code execution vulnerability. Microsoft Windows is a series of operating systems from Microsoft Corporation. Hyper-V is one of these virtualization products. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0095"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "BID",
"id": "96699"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0095",
"trust": 3.3
},
{
"db": "BID",
"id": "96699",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1037999",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-03849",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "BID",
"id": "96699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"id": "VAR-201703-0607",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
}
]
},
"last_update_date": "2025-04-20T23:16:17.629000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS17-008",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/ms17-008.aspx"
},
{
"title": "CVE-2017-0095 | Hyper-V vSMB Remote Code Execution Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095"
},
{
"title": "CVE-2017-0095 | Hyper-V vSMB \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-0095"
},
{
"title": "MS17-008",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/ms17-008.aspx"
},
{
"title": "Patch for Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2017-03849)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91479"
},
{
"title": "Microsoft Windows Hyper-V Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68575"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0095"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96699"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037999"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0095"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20170315-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170011.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-0095"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms17-008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "BID",
"id": "96699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"db": "BID",
"id": "96699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"date": "2017-03-14T00:00:00",
"db": "BID",
"id": "96699"
},
{
"date": "2017-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"date": "2017-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"date": "2017-03-17T00:59:02.540000",
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03849"
},
{
"date": "2017-03-16T00:03:00",
"db": "BID",
"id": "96699"
},
{
"date": "2017-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001849"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-761"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-0095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows 10 and Windows Server 2016 of Hyper-V Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-761"
}
],
"trust": 0.6
}
}
VAR-201611-0235
Vulnerability from variot - Updated: 2025-04-13 23:35Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability.". According to Microsoft security bulletins, this vulnerability VHD Driver Elevation of Privilege Vulnerability ”. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through a specially crafted application. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. A local attacker can exploit this issue to run processes with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1511"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1607 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1607 for x64-based systems"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems (server core install )"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "10"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "101511"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "101607"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "BID",
"id": "94016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2016",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "James Forshaw of Google Project Zero",
"sources": [
{
"db": "BID",
"id": "94016"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7225",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11026",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2016-7225",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7225",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7225",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11026",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-172",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\". According to Microsoft security bulletins, this vulnerability VHD Driver Elevation of Privilege Vulnerability \u201d. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through a specially crafted application. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. \nA local attacker can exploit this issue to run processes with elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7225"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "BID",
"id": "94016"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7225",
"trust": 3.3
},
{
"db": "BID",
"id": "94016",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1037248",
"trust": 1.0
},
{
"db": "EXPLOIT-DB",
"id": "40764",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-11026",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "35363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "BID",
"id": "94016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"id": "VAR-201611-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
}
]
},
"last_update_date": "2025-04-13T23:35:02.398000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS16-138",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/ms16-138.aspx"
},
{
"title": "MS16-138",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/ms16-138.aspx"
},
{
"title": "Patch for Microsoft VHD Driver Privilege Escalation Vulnerability (CNVD-2016-11026)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83743"
},
{
"title": "Microsoft Windows VHD Fixes for driver privilege elevation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65544"
},
{
"title": "Microsoft Windows VHD Fixes for driver privilege elevation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65396"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/94016"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1037248"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/40764/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7225"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20161109-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160046.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7225"
},
{
"trust": 0.6,
"url": "https://technet.microsoft.com/library/security/ms16-138"
},
{
"trust": 0.6,
"url": "http://technet.microsoft.com/security/bulletin/ms16-138"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/35363"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/default.mspx"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms16-138"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "BID",
"id": "94016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"db": "BID",
"id": "94016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94016"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"date": "2016-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"date": "2016-11-10T06:59:38.063000",
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11026"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94016"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005808"
},
{
"date": "2016-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-172"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-7225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94016"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows 10 and Windows Server 2016 Privilege Escalation Vulnerability in Virtual Hard Disk Driver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005808"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-172"
}
],
"trust": 0.6
}
}
VAR-201603-0276
Vulnerability from variot - Updated: 2025-04-13 23:03Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. This vulnerability CVE-2016-0963 and CVE-2016-1010 Is a different vulnerability.An attacker could execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0993",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0993",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88503",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0993",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0993",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0993",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-186",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88503",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0993",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. This vulnerability CVE-2016-0963 and CVE-2016-1010 Is a different vulnerability.An attacker could execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0993",
"trust": 2.8
},
{
"db": "BID",
"id": "84308",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88503",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0993",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"id": "VAR-201603-0276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88503"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product Integer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60545"
},
{
"title": "Red Hat: CVE-2016-0993",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0993"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0993 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0963 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1010 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84308"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0993"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0993"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88503"
},
{
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88503"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"date": "2016-03-12T15:59:13.743000",
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88503"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0993"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001732"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-186"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0993"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001732"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-186"
}
],
"trust": 0.6
}
}
VAR-201602-0340
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0969",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0969",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0969",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88479",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0969",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0969",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0969",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-227",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88479",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0969",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0969",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88479",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"id": "VAR-201602-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88479"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60169"
},
{
"title": "Red Hat: CVE-2016-0969",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0969"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0969"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0969"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88479"
},
{
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88479"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"date": "2016-02-10T20:59:16.890000",
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-88479"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0969"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001428"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-227"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0969"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-227"
}
],
"trust": 0.6
}
}
VAR-201603-0270
Vulnerability from variot - Updated: 2025-04-13 23:03Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. This vulnerability CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0995 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 , CVE-2016-0999 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0987",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0987",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88497",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0987",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0987",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-196",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88497",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0987",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. This vulnerability CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0995 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 , CVE-2016-0999 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0987",
"trust": 2.8
},
{
"db": "BID",
"id": "84312",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"id": "VAR-201603-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88497"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60554"
},
{
"title": "Red Hat: CVE-2016-0987",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0987"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0996 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0997 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0995 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0994 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0987 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0990 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0998 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1000 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0999 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84312"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0987"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0987"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88497"
},
{
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88497"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"date": "2016-03-12T15:59:07.823000",
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88497"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0987"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001726"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-196"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001726"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-196"
}
],
"trust": 0.6
}
}
VAR-201602-0342
Vulnerability from variot - Updated: 2025-04-13 23:03Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors. An attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0971",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0971",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0971",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88481",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0971",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0971",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0971",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-229",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88481",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0971",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors. An attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39465",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0971"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0971",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39465",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "135820",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88481",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0971",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"id": "VAR-201602-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88481"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product-based patch-based buffer overflow vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60171"
},
{
"title": "Red Hat: CVE-2016-0971",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0971"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39465/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0971"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0971"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43862"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88481"
},
{
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88481"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"date": "2016-02-10T20:59:19.060000",
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-88481"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0971"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001430"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-229"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0971"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001430"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-229"
}
],
"trust": 0.6
}
}
VAR-201603-0268
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0960",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0960",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88470",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0960",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0960",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0960",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-195",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88470",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0960",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0960",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-88470",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"id": "VAR-201603-0268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88470"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.676000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60553"
},
{
"title": "Red Hat: CVE-2016-0960",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0960"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/beatriceteo-sandbox/udemy-application-security-the-complete-guide "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/FrostyBackpack/udemy-application-security-the-complete-guide "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0960"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0960"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/beatriceteo-sandbox/udemy-application-security-the-complete-guide"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88470"
},
{
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88470"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"date": "2016-03-12T15:59:02.790000",
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88470"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0960"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001721"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-195"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0960"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-195"
}
],
"trust": 0.6
}
}
VAR-201602-0321
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion.". Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlBy the attacker, " Mixing of molds (type confusion)" May be used to execute arbitrary code. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0321",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "nonfree",
"scope": "eq",
"trust": 0.6,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "linux enterprise workstation extension",
"scope": "eq",
"trust": 0.6,
"vendor": "opensuse",
"version": "12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88495",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0985",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0985",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0985",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-243",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88495",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0985",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\". Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlBy the attacker, \" Mixing of molds (type confusion)\" May be used to execute arbitrary code. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88495",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39461",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0985",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39461",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "135823",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88495",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"id": "VAR-201602-0321",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60185"
},
{
"title": "Red Hat: CVE-2016-0985",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0985"
},
{
"title": "icat4json",
"trust": 0.1,
"url": "https://github.com/spiegel-im-spiegel/icat4json "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39461/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0985"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0985"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/843.html"
},
{
"trust": 0.1,
"url": "https://github.com/spiegel-im-spiegel/icat4json"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88495"
},
{
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88495"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"date": "2016-02-10T20:59:33.517000",
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-88495"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0985"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001438"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-243"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-243"
}
],
"trust": 0.6
}
}
VAR-201602-0333
Vulnerability from variot - Updated: 2025-04-13 23:03Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984. This vulnerability CVE-2016-0973 , CVE-2016-0974 , CVE-2016-0975 , CVE-2016-0982 ,and CVE-2016-0984 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0983",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0983",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0983",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88493",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0983",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0983",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0983",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88493",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0983",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984. This vulnerability CVE-2016-0973 , CVE-2016-0974 , CVE-2016-0975 , CVE-2016-0982 ,and CVE-2016-0984 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0983",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88493",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0983",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"id": "VAR-201602-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88493"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60183"
},
{
"title": "Red Hat: CVE-2016-0983",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0983"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0983"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0983"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88493"
},
{
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88493"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"date": "2016-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"date": "2016-02-10T20:59:31.657000",
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-88493"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0983"
},
{
"date": "2016-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001467"
},
{
"date": "2023-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-241"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0983"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001467"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-241"
}
],
"trust": 0.6
}
}
VAR-201603-0261
Vulnerability from variot - Updated: 2025-04-13 23:03Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. This vulnerability CVE-2016-0987 , CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 , CVE-2016-0999 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0995",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0995",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88505",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0995",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0995",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0995",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-185",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88505",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0995",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. This vulnerability CVE-2016-0987 , CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 , CVE-2016-0999 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0995",
"trust": 2.8
},
{
"db": "BID",
"id": "84312",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88505",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0995",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"id": "VAR-201603-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88505"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.515000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60544"
},
{
"title": "Red Hat: CVE-2016-0995",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0995"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0995 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0994 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0987 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0990 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0998 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0996 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0997 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0999 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1000 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84312"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0995"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0995"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88505"
},
{
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88505"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"date": "2016-03-12T15:59:15.900000",
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88505"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0995"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001734"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-185"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0995"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-185"
}
],
"trust": 0.6
}
}
VAR-201603-0272
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0989",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0989",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0989",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0989",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0989",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-190",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88499",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0989",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0989",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88499",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0989",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"id": "VAR-201603-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88499"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.476000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60549"
},
{
"title": "Red Hat: CVE-2016-0989",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0989"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0989"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0989"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88499"
},
{
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88499"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"date": "2016-03-12T15:59:09.963000",
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88499"
},
{
"date": "2023-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0989"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001728"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-190"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-190"
}
],
"trust": 0.6
}
}
VAR-201602-0337
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0966",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0966",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0966",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0966",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0966",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88476",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0966",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0966",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88476",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"id": "VAR-201602-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88476"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:13.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60166"
},
{
"title": "Red Hat: CVE-2016-0966",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0966"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0966"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0966"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88476"
},
{
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88476"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"date": "2016-02-10T20:59:13.797000",
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-88476"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0966"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001425"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-224"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0966"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001425"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-224"
}
],
"trust": 0.6
}
}
VAR-201603-0201
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1002",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1002",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88754",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1002",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1002",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1002",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88754",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1002",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39608",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1002"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1002",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39608",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136362",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88754",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"id": "VAR-201603-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88754"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.798000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60538"
},
{
"title": "Red Hat: CVE-2016-1002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1002"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39608/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1002"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1002"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88754"
},
{
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88754"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"date": "2016-03-12T15:59:22.870000",
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88754"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1002"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001741"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-179"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001741"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-179"
}
],
"trust": 0.6
}
}
VAR-201603-0269
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0986",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0986",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0986",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0986",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0986",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0986",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88496",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0986",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0986",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88496",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0986",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"id": "VAR-201603-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88496"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.757000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60550"
},
{
"title": "Red Hat: CVE-2016-0986",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0986"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0986"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0986"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88496"
},
{
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88496"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"date": "2016-03-12T15:59:06.930000",
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88496"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0986"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001725"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-191"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0986"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001725"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-191"
}
],
"trust": 0.6
}
}
VAR-201603-0279
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0962",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0962",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88472",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0962",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0962",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0962",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-197",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88472",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0962",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0962",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88472",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0962",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"id": "VAR-201603-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88472"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Adobe Flash Player Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60555"
},
{
"title": "Red Hat: CVE-2016-0962",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0962"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0962"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0962"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88472"
},
{
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88472"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"date": "2016-03-12T15:59:05.023000",
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88472"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0962"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001723"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-197"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-197"
}
],
"trust": 0.6
}
}
VAR-201602-0335
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0964",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0964",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88474",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0964",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0964",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0964",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-222",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88474",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0964",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0976 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88474",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39467",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0964",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39467",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135816",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88474",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0964",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"id": "VAR-201602-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60164"
},
{
"title": "Red Hat: CVE-2016-0964",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0964"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39467/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0964"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0964"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88474"
},
{
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88474"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"date": "2016-02-10T20:59:11.873000",
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-88474"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0964"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001423"
},
{
"date": "2023-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-222"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001423"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-222"
}
],
"trust": 0.6
}
}
VAR-201603-0200
Vulnerability from variot - Updated: 2025-04-13 23:03Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. An attacker could exploit this vulnerability to execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0200",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1001",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-88743",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1001",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1001",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1001",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-180",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88743",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. An attacker could exploit this vulnerability to execute arbitrary code. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39609",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1001"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1001",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39609",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180",
"trust": 0.7
},
{
"db": "BID",
"id": "84310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136361",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88743",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"id": "VAR-201603-0200",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88743"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product-based patch-based buffer overflow vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60539"
},
{
"title": "Red Hat: CVE-2016-1001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1001"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1001 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39609/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1001"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1001"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88743"
},
{
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88743"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"date": "2016-03-12T15:59:21.900000",
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88743"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1001"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001740"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-180"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-180"
}
],
"trust": 0.6
}
}
VAR-201603-0278
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0961",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0961",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88471",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0961",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0961",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0961",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88471",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0961",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-0992 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0961",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88471",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"id": "VAR-201603-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88471"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217646"
},
{
"title": "Red Hat: CVE-2016-0961",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0961"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0961"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0961"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46664"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88471"
},
{
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88471"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"date": "2016-03-12T15:59:03.773000",
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88471"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0961"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001722"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-192"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-192"
}
],
"trust": 0.6
}
}
VAR-201602-0326
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0166-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html Issue date: 2016-02-10 CVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.569-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.569-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.569-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0964 https://access.redhat.com/security/cve/CVE-2016-0965 https://access.redhat.com/security/cve/CVE-2016-0966 https://access.redhat.com/security/cve/CVE-2016-0967 https://access.redhat.com/security/cve/CVE-2016-0968 https://access.redhat.com/security/cve/CVE-2016-0969 https://access.redhat.com/security/cve/CVE-2016-0970 https://access.redhat.com/security/cve/CVE-2016-0971 https://access.redhat.com/security/cve/CVE-2016-0972 https://access.redhat.com/security/cve/CVE-2016-0973 https://access.redhat.com/security/cve/CVE-2016-0974 https://access.redhat.com/security/cve/CVE-2016-0975 https://access.redhat.com/security/cve/CVE-2016-0976 https://access.redhat.com/security/cve/CVE-2016-0977 https://access.redhat.com/security/cve/CVE-2016-0978 https://access.redhat.com/security/cve/CVE-2016-0979 https://access.redhat.com/security/cve/CVE-2016-0980 https://access.redhat.com/security/cve/CVE-2016-0981 https://access.redhat.com/security/cve/CVE-2016-0982 https://access.redhat.com/security/cve/CVE-2016-0983 https://access.redhat.com/security/cve/CVE-2016-0984 https://access.redhat.com/security/cve/CVE-2016-0985 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a BqfeXKQ7gO6znLLAPjMjwBk= =bzir -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.559"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.272"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.260 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.260 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.569 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.306 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.306 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.329 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.326"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0976",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0976",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88486",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0976",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0976",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0976",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-234",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88486",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0976",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. This vulnerability CVE-2016-0964 , CVE-2016-0965 , CVE-2016-0966 , CVE-2016-0967 , CVE-2016-0968 , CVE-2016-0969 , CVE-2016-0970 , CVE-2016-0972 , CVE-2016-0977 , CVE-2016-0978 , CVE-2016-0979 , CVE-2016-0980 ,and CVE-2016-0981 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.326 and earlier versions, AIR Desktop Runtime 20.0.0.233 and earlier versions, based on Windows , Macintosh, Linux, and ChromeOS platforms Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions, Windows 10-based Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions, Windows 8.1-based Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier versions, Adobe Flash Player 11.2.202.559 and earlier versions based on Linux platforms, AIR SDK 20.0.0.233 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0166-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0166.html\nIssue date: 2016-02-10\nCVE Names: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 \n CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 \n CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 \n CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 \n CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 \n CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 \n CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 \n CVE-2016-0985 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0964, CVE-2016-0965,\nCVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,\nCVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.569. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.569-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0964\nhttps://access.redhat.com/security/cve/CVE-2016-0965\nhttps://access.redhat.com/security/cve/CVE-2016-0966\nhttps://access.redhat.com/security/cve/CVE-2016-0967\nhttps://access.redhat.com/security/cve/CVE-2016-0968\nhttps://access.redhat.com/security/cve/CVE-2016-0969\nhttps://access.redhat.com/security/cve/CVE-2016-0970\nhttps://access.redhat.com/security/cve/CVE-2016-0971\nhttps://access.redhat.com/security/cve/CVE-2016-0972\nhttps://access.redhat.com/security/cve/CVE-2016-0973\nhttps://access.redhat.com/security/cve/CVE-2016-0974\nhttps://access.redhat.com/security/cve/CVE-2016-0975\nhttps://access.redhat.com/security/cve/CVE-2016-0976\nhttps://access.redhat.com/security/cve/CVE-2016-0977\nhttps://access.redhat.com/security/cve/CVE-2016-0978\nhttps://access.redhat.com/security/cve/CVE-2016-0979\nhttps://access.redhat.com/security/cve/CVE-2016-0980\nhttps://access.redhat.com/security/cve/CVE-2016-0981\nhttps://access.redhat.com/security/cve/CVE-2016-0982\nhttps://access.redhat.com/security/cve/CVE-2016-0983\nhttps://access.redhat.com/security/cve/CVE-2016-0984\nhttps://access.redhat.com/security/cve/CVE-2016-0985\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWu6e/XlSAg2UNWIIRAjmUAKCGpUXzgRVrT3PakYJ2DXND2WjYigCeN69a\nBqfeXKQ7gO6znLLAPjMjwBk=\n=bzir\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0976",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034970",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88486",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"id": "VAR-201602-0326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88486"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"title": "APSB16-04",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-04.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-022.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3135782)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-022.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160212f.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60176"
},
{
"title": "Red Hat: CVE-2016-0976",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0976"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0166.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034970"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0976"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160210-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160008.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0976"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17700"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0967"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0969"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0968"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88486"
},
{
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "135727"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88486"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-02-11T17:41:19",
"db": "PACKETSTORM",
"id": "135727"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"date": "2016-02-10T20:59:24.217000",
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-88486"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0976"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001432"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-234"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001432"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-234"
}
],
"trust": 0.6
}
}
VAR-201603-0275
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier versions, AIR for Android 20.0.0.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0992",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0992",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88502",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0992",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0992",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0992",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-187",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88502",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0992",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. This vulnerability CVE-2016-0960 , CVE-2016-0961 , CVE-2016-0962 , CVE-2016-0986 , CVE-2016-0989 , CVE-2016-1002 ,and CVE-2016-1005 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier versions, AIR for Android 20.0.0. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0992",
"trust": 2.8
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88502",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0992",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"id": "VAR-201603-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88502"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60546"
},
{
"title": "Red Hat: CVE-2016-0992",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0992"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0992"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0992"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88502"
},
{
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88502"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"date": "2016-03-12T15:59:12.823000",
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88502"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0992"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001731"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-187"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0992"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-187"
}
],
"trust": 0.6
}
}
VAR-201603-0199
Vulnerability from variot - Updated: 2025-04-13 23:03Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force the dereference of an uninitialized pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. A memory corruption vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier versions, AIR for Android 20.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash",
"scope": null,
"trust": 0.7,
"vendor": "adobe",
"version": null
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AbdulAziz Hariri - Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
}
],
"trust": 1.3
},
"cve": "CVE-2016-1005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88787",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1005",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-1005",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88787",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1005",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force the dereference of an uninitialized pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. A memory corruption vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier versions, AIR for Android 20. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1005",
"trust": 3.5
},
{
"db": "ZDI",
"id": "ZDI-16-192",
"trust": 2.5
},
{
"db": "BID",
"id": "84311",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3413",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88787",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"id": "VAR-201603-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88787"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.467000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 1.5,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60495"
},
{
"title": "Red Hat: CVE-2016-1005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1005"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0962 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0960 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0986 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1002 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0961 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0989 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1005 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0992 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84311"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-192/"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1005"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1005"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/824.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"db": "VULHUB",
"id": "VHN-88787"
},
{
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88787"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"date": "2016-03-12T15:59:23.807000",
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-192"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88787"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1005"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001742"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-135"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001742"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-135"
}
],
"trust": 0.6
}
}
VAR-201603-0265
Vulnerability from variot - Updated: 2025-04-13 23:03Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. This vulnerability CVE-2016-0987 , CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0995 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK & Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
References
[ 1 ] CVE-2016-0960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960 [ 2 ] CVE-2016-0961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961 [ 3 ] CVE-2016-0962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962 [ 4 ] CVE-2016-0963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963 [ 5 ] CVE-2016-0964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964 [ 6 ] CVE-2016-0965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965 [ 7 ] CVE-2016-0966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966 [ 8 ] CVE-2016-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967 [ 9 ] CVE-2016-0968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968 [ 10 ] CVE-2016-0969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969 [ 11 ] CVE-2016-0970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970 [ 12 ] CVE-2016-0971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971 [ 13 ] CVE-2016-0972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972 [ 14 ] CVE-2016-0973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973 [ 15 ] CVE-2016-0974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974 [ 16 ] CVE-2016-0975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975 [ 17 ] CVE-2016-0976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976 [ 18 ] CVE-2016-0977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977 [ 19 ] CVE-2016-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978 [ 20 ] CVE-2016-0979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979 [ 21 ] CVE-2016-0980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980 [ 22 ] CVE-2016-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981 [ 23 ] CVE-2016-0982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982 [ 24 ] CVE-2016-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983 [ 25 ] CVE-2016-0984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984 [ 26 ] CVE-2016-0985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985 [ 27 ] CVE-2016-0986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986 [ 28 ] CVE-2016-0987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987 [ 29 ] CVE-2016-0988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988 [ 30 ] CVE-2016-0989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989 [ 31 ] CVE-2016-0990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990 [ 32 ] CVE-2016-0991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991 [ 33 ] CVE-2016-0992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992 [ 34 ] CVE-2016-0993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993 [ 35 ] CVE-2016-0994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994 [ 36 ] CVE-2016-0995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995 [ 37 ] CVE-2016-0996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996 [ 38 ] CVE-2016-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997 [ 39 ] CVE-2016-0998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998 [ 40 ] CVE-2016-0999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999 [ 41 ] CVE-2016-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000 [ 42 ] CVE-2016-1001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001 [ 43 ] CVE-2016-1002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002 [ 44 ] CVE-2016-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005 [ 45 ] CVE-2016-1010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 =====================================================================
- Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.577-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.577-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
x86_64: flash-plugin-11.2.202.577-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0960 https://access.redhat.com/security/cve/CVE-2016-0961 https://access.redhat.com/security/cve/CVE-2016-0962 https://access.redhat.com/security/cve/CVE-2016-0963 https://access.redhat.com/security/cve/CVE-2016-0986 https://access.redhat.com/security/cve/CVE-2016-0987 https://access.redhat.com/security/cve/CVE-2016-0988 https://access.redhat.com/security/cve/CVE-2016-0989 https://access.redhat.com/security/cve/CVE-2016-0990 https://access.redhat.com/security/cve/CVE-2016-0991 https://access.redhat.com/security/cve/CVE-2016-0992 https://access.redhat.com/security/cve/CVE-2016-0993 https://access.redhat.com/security/cve/CVE-2016-0994 https://access.redhat.com/security/cve/CVE-2016-0995 https://access.redhat.com/security/cve/CVE-2016-0996 https://access.redhat.com/security/cve/CVE-2016-0997 https://access.redhat.com/security/cve/CVE-2016-0998 https://access.redhat.com/security/cve/CVE-2016-0999 https://access.redhat.com/security/cve/CVE-2016-1000 https://access.redhat.com/security/cve/CVE-2016-1001 https://access.redhat.com/security/cve/CVE-2016-1002 https://access.redhat.com/security/cve/CVE-2016-1005 https://access.redhat.com/security/cve/CVE-2016-1010 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx fg/pDiOCh9x1HJhk/a+BDeA= =4hyN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.233"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.2.2.306"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.176 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.176 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.577 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows 8.1 edition internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "21.0.0.182 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 21.0.0.182 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.333 (windows/macintosh)"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for 32-bit systems"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "version 1511 for x64-based systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for 32-bit systems"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "for x64-based systems"
},
{
"model": "windows rt 8.1",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.306"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.260"
},
{
"model": "flash player esr",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.329"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.2.202.569"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_10",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
}
],
"trust": 0.1
},
"cve": "CVE-2016-0999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0999",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0999",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-88509",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0999",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0999",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-182",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88509",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0999",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. This vulnerability CVE-2016-0987 , CVE-2016-0988 , CVE-2016-0990 , CVE-2016-0991 , CVE-2016-0994 , CVE-2016-0995 , CVE-2016-0996 , CVE-2016-0997 , CVE-2016-0998 ,and CVE-2016-1000 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following versions are affected: Adobe Flash Player Desktop Runtime 20.0.0.306 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player Extended Support Release 18.0.0.329 and earlier versions, AIR Desktop Runtime 20.0.0.260 and earlier versions, based on Windows, Macintosh , Adobe Flash Player for Google Chrome 20.0.0.306 and earlier versions on Linux and ChromeOS platforms, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.306 and earlier versions based on Windows 10 platform, and Adobe Flash Player for Windows 8.1-based platforms Internet Explorer 11 20.0.0.306 and earlier versions, Adobe Flash Player for Linux 11.2.202.569 and earlier versions based on Linux platforms, AIR SDK 20.0.0.260 and earlier versions based on Windows, Macintosh, Android and iOS platforms, AIR SDK \u0026 Compiler 20.0 .0.260 and earlier, AIR for Android 20.0.0.233 and earlier. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, or bypass security restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"www-plugins/adobe-flash-11.2.202.577\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960\n[ 2 ] CVE-2016-0961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961\n[ 3 ] CVE-2016-0962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962\n[ 4 ] CVE-2016-0963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963\n[ 5 ] CVE-2016-0964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964\n[ 6 ] CVE-2016-0965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965\n[ 7 ] CVE-2016-0966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966\n[ 8 ] CVE-2016-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967\n[ 9 ] CVE-2016-0968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968\n[ 10 ] CVE-2016-0969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969\n[ 11 ] CVE-2016-0970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970\n[ 12 ] CVE-2016-0971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971\n[ 13 ] CVE-2016-0972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972\n[ 14 ] CVE-2016-0973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973\n[ 15 ] CVE-2016-0974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974\n[ 16 ] CVE-2016-0975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975\n[ 17 ] CVE-2016-0976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976\n[ 18 ] CVE-2016-0977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977\n[ 19 ] CVE-2016-0978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978\n[ 20 ] CVE-2016-0979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979\n[ 21 ] CVE-2016-0980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980\n[ 22 ] CVE-2016-0981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981\n[ 23 ] CVE-2016-0982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982\n[ 24 ] CVE-2016-0983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983\n[ 25 ] CVE-2016-0984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984\n[ 26 ] CVE-2016-0985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985\n[ 27 ] CVE-2016-0986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986\n[ 28 ] CVE-2016-0987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987\n[ 29 ] CVE-2016-0988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988\n[ 30 ] CVE-2016-0989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989\n[ 31 ] CVE-2016-0990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990\n[ 32 ] CVE-2016-0991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991\n[ 33 ] CVE-2016-0992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992\n[ 34 ] CVE-2016-0993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993\n[ 35 ] CVE-2016-0994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994\n[ 36 ] CVE-2016-0995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995\n[ 37 ] CVE-2016-0996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996\n[ 38 ] CVE-2016-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997\n[ 39 ] CVE-2016-0998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998\n[ 40 ] CVE-2016-0999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999\n[ 41 ] CVE-2016-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000\n[ 42 ] CVE-2016-1001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001\n[ 43 ] CVE-2016-1002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002\n[ 44 ] CVE-2016-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005\n[ 45 ] CVE-2016-1010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: flash-plugin security update\nAdvisory ID: RHSA-2016:0438-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html\nIssue date: 2016-03-11\nCVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 \n CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 \n CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 \n CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 \n CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 \n CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 \n CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 \n CVE-2016-1005 CVE-2016-1010 \n=====================================================================\n\n1. Summary:\n\nAn updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nx86_64:\nflash-plugin-11.2.202.577-1.el6_7.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0960\nhttps://access.redhat.com/security/cve/CVE-2016-0961\nhttps://access.redhat.com/security/cve/CVE-2016-0962\nhttps://access.redhat.com/security/cve/CVE-2016-0963\nhttps://access.redhat.com/security/cve/CVE-2016-0986\nhttps://access.redhat.com/security/cve/CVE-2016-0987\nhttps://access.redhat.com/security/cve/CVE-2016-0988\nhttps://access.redhat.com/security/cve/CVE-2016-0989\nhttps://access.redhat.com/security/cve/CVE-2016-0990\nhttps://access.redhat.com/security/cve/CVE-2016-0991\nhttps://access.redhat.com/security/cve/CVE-2016-0992\nhttps://access.redhat.com/security/cve/CVE-2016-0993\nhttps://access.redhat.com/security/cve/CVE-2016-0994\nhttps://access.redhat.com/security/cve/CVE-2016-0995\nhttps://access.redhat.com/security/cve/CVE-2016-0996\nhttps://access.redhat.com/security/cve/CVE-2016-0997\nhttps://access.redhat.com/security/cve/CVE-2016-0998\nhttps://access.redhat.com/security/cve/CVE-2016-0999\nhttps://access.redhat.com/security/cve/CVE-2016-1000\nhttps://access.redhat.com/security/cve/CVE-2016-1001\nhttps://access.redhat.com/security/cve/CVE-2016-1002\nhttps://access.redhat.com/security/cve/CVE-2016-1005\nhttps://access.redhat.com/security/cve/CVE-2016-1010\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx\nfg/pDiOCh9x1HJhk/a+BDeA=\n=4hyN\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88509",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39611",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0999",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39611",
"trust": 1.8
},
{
"db": "BID",
"id": "84312",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035251",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136359",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88509",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0999",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136202",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"id": "VAR-201603-0265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:09.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"title": "APSB16-08",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/flash-player/apsb16-08.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome Releases",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/"
},
{
"title": "Google Chrome \u3092\u66f4\u65b0\u3059\u308b",
"trust": 0.8,
"url": "https://support.google.com/chrome/answer/95414?hl=ja"
},
{
"title": "Security Update for Adobe Flash Player (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/MS16-036.aspx"
},
{
"title": "Adobe Flash Player \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (3144756)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/MS16-036.aspx"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160314f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60541"
},
{
"title": "Red Hat: CVE-2016-0999",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0999"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0999 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0988 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0997 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0996 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0991 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0998 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0995 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0994 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0987 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-0990 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-1000 "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/CVE-Study "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/adobe-patches-23-vulnerabilities-in-todays-flash-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/84312"
},
{
"trust": 1.9,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39611/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035251"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0999"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160311-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160014.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0999"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0986"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0974"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0980"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0995"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0962"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0438.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0997"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0993"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0986"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0990"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88509"
},
{
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "PACKETSTORM",
"id": "136178"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-88509"
},
{
"date": "2016-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"date": "2016-03-14T14:50:59",
"db": "PACKETSTORM",
"id": "136202"
},
{
"date": "2016-03-11T23:23:00",
"db": "PACKETSTORM",
"id": "136178"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"date": "2016-03-12T15:59:20.027000",
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-88509"
},
{
"date": "2023-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0999"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001738"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-182"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136202"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001738"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-182"
}
],
"trust": 0.6
}
}