Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-7645 (GCVE-0-2015-7645)
Vulnerability from cvelistv5 – Published: 2015-10-15 10:00 – Updated: 2025-10-21 23:55
VLAI
EPSS
CISA KEV
Summary
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
15 references
Date Public
2015-10-14 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: bbaf2475-2059-40ce-bc55-cd54e4e4b50c
Exploited: Yes
Timestamps
First Seen: 2022-03-03
Asserted: 2022-03-03
Scope
Notes: KEV entry: Adobe Flash Player Arbitrary Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-7645
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Flash Player |
| Due Date | 2022-03-24 |
| Date Added | 2022-03-03 |
| Vendorproject | Adobe |
| Vulnerabilityname | Adobe Flash Player Arbitrary Code Execution Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Created: 2026-02-02 13:25 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:57.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "38490",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "RHSA-2015:2024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "SUSE-SU-2015:1770",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "1033850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "SUSE-SU-2015:1771",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "77081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "GLSA-201511-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-7645",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:39:00.275480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:57.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-03T00:00:00.000Z",
"value": "CVE-2015-7645 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "RHSA-2015:1913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "38490",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "RHSA-2015:2024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "SUSE-SU-2015:1770",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "1033850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "SUSE-SU-2015:1771",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "77081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "GLSA-201511-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1913",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "38490",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "RHSA-2015:2024",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "SUSE-SU-2015:1770",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "1033850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "SUSE-SU-2015:1771",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "77081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77081"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "GLSA-201511-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"name": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2015-7645",
"datePublished": "2015-10-15T10:00:00.000Z",
"dateReserved": "2015-10-01T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:57.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2015-7645",
"dateAdded": "2022-03-03",
"dueDate": "2022-03-24",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645",
"product": "Flash Player",
"requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability"
},
"epss": {
"cve": "CVE-2015-7645",
"date": "2026-06-03",
"epss": "0.85171",
"percentile": "0.99371"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-7645\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2015-10-15T10:59:10.530\",\"lastModified\":\"2026-04-22T12:22:49.777\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player 18.x hasta la versi\u00f3n 18.0.0.252 y 19.x hasta la versi\u00f3n 19.0.0.207 en Windows y OS X y 11.x hasta la versi\u00f3n 11.2.202.535 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF manipulado, como se explot\u00f3 activamente en octubre de 2015.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-03-03\",\"cisaActionDue\":\"2022-03-24\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Adobe Flash Player Arbitrary Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0.160\",\"versionEndIncluding\":\"18.0.0.252\",\"matchCriteriaId\":\"986F7189-290F-464C-8F06-14406601BA90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"130D56D9-BFAD-44AB-BA04-1E6E2F18A049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CE2650-25EB-446E-B2C9-631177740E87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.2.202.535\",\"matchCriteriaId\":\"3706105E-4503-46C2-B909-86663EAD8590\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED68ADD-BBDA-4485-BC76-58F011D72311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"967EC28A-607F-48F4-AD64-5E3041C768F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8821E5FE-319D-40AB-A515-D56C1893E6F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE981D4-0CA1-46FA-8E91-E1A4D5B31383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}],\"references\":[{\"url\":\"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1913.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2024.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77081\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033850\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://security.gentoo.org/glsa/201511-02\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/38490/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1913.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://security.gentoo.org/glsa/201511-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/38490/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1913.html\", \"name\": \"RHSA-2015:1913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38490/\", \"name\": \"38490\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2024.html\", \"name\": \"RHSA-2015:2024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html\", \"name\": \"SUSE-SU-2015:1770\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1033850\", \"name\": \"1033850\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html\", \"name\": \"SUSE-SU-2015:1771\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/77081\", \"name\": \"77081\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201511-02\", \"name\": \"GLSA-201511-02\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html\", \"name\": \"openSUSE-SU-2015:1768\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html\", \"name\": \"openSUSE-SU-2015:1781\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T07:58:57.710Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2015-7645\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:39:00.275480Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2015-7645 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:38:59.134Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2015-10-14T00:00:00.000Z\", \"references\": [{\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1913.html\", \"name\": \"RHSA-2015:1913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38490/\", \"name\": \"38490\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2024.html\", \"name\": \"RHSA-2015:2024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html\", \"name\": \"SUSE-SU-2015:1770\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securitytracker.com/id/1033850\", \"name\": \"1033850\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html\", \"name\": \"SUSE-SU-2015:1771\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securityfocus.com/bid/77081\", \"name\": \"77081\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.gentoo.org/glsa/201511-02\", \"name\": \"GLSA-201511-02\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html\", \"name\": \"openSUSE-SU-2015:1768\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html\", \"name\": \"openSUSE-SU-2015:1781\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2017-06-30T16:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1913.html\", \"name\": \"RHSA-2015:1913\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.exploit-db.com/exploits/38490/\", \"name\": \"38490\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2024.html\", \"name\": \"RHSA-2015:2024\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\", \"name\": \"https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html\", \"name\": \"SUSE-SU-2015:1770\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securitytracker.com/id/1033850\", \"name\": \"1033850\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html\", \"name\": \"SUSE-SU-2015:1771\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securityfocus.com/bid/77081\", \"name\": \"77081\", \"refsource\": \"BID\"}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\", \"name\": \"https://helpx.adobe.com/security/products/flash-player/apsb15-27.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.gentoo.org/glsa/201511-02\", \"name\": \"GLSA-201511-02\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\", \"name\": \"http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html\", \"name\": \"openSUSE-SU-2015:1768\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html\", \"name\": \"openSUSE-SU-2015:1781\", \"refsource\": \"SUSE\"}, {\"url\": \"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\", \"name\": \"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2015-7645\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2015-7645\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:57.550Z\", \"dateReserved\": \"2015-10-01T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2015-10-15T10:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программной платформы Flash Player связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированного SWF-файла
Severity
Vendor
Adobe Systems Inc.
Software Name
Flash Player
Software Version
от 18.0 до 18.0.0.252 включительно (Flash Player), от 19.0 до 19.0.0.207 включительно (Flash Player), от 11.0 до 11.2.202.535 включительно (Flash Player)
Possible Mitigations
Использование рекомендаций производителя:
https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
Reference
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Adobe Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 18.0 \u0434\u043e 18.0.0.252 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Flash Player), \u043e\u0442 19.0 \u0434\u043e 19.0.0.207 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Flash Player), \u043e\u0442 11.0 \u0434\u043e 11.2.202.535 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Flash Player)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.10.2015",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.09.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.10.2015",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-11791",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-7645",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Flash Player",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . PowerPC, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit, Apple Inc. MacOS X PowerPC, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . ARM, Microsoft Corp Windows - ARM, Apple Inc. MacOS X ARM",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Flash Player, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Flash Player \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e SWF-\u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html\nhttp://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}
CERTFR-2015-ALE-011
Vulnerability from certfr_alerte - Published: 2015-10-14 - Updated: 2015-10-19
Une vulnérabilité a été découverte dans Adobe Flash
Player. Elle permet à un attaquant de provoquer une exécution de
code arbitraire à distance.
Cette vulnérabilité est activement exploitée dans le cadre d'attaques
ciblées.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player 11.2.202.535 et versions ant\u00e9rieures pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player ESR 18.0.0.252 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player 19.0.0.207 et versions ant\u00e9rieures pour Windows et Macintosh",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2015-10-19",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7645"
}
],
"initial_release_date": "2015-10-14T00:00:00",
"last_revision_date": "2015-10-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA15-05 du 14 octobre 2015",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe du 16 octobre 2015",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"title": "EMET 5.2",
"url": "https://technet.microsoft.com/fr-fr/security/jj653751"
},
{
"title": "D\u00e9ploiement et configuration centralis\u00e9s d\u0027EMET pour le durcissement des postes de travail et des serveurs Microsoft Windows",
"url": "http://www.ssi.gouv.fr/administration/guide/deploiement-et-configuration-centralises-demet-pour-le-durcissement-des-postes-de-travail-et-des-serveurs-microsoft-windows/"
}
],
"reference": "CERTFR-2015-ALE-011",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2015-10-14T00:00:00.000000"
},
{
"description": "ajout d\u0027informations compl\u00e9mentaires issues du bulletin publi\u00e9 par Adobe.",
"revision_date": "2015-10-15T00:00:00.000000"
},
{
"description": "clot\u00fbre de l\u0027alerte",
"revision_date": "2015-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eAdobe Flash\nPlayer\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance. \nCette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le cadre d\u0027attaques\ncibl\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Article de Trend Micro du 13 octobre 2015",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
]
}
CERTFR-2015-AVI-434
Vulnerability from certfr_avis - Published: 2015-10-19 - Updated: 2015-10-19
De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player 11.2.202.535 et versions ant\u00e9rieures pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player ESR 18.0.0.252 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player 19.0.0.207 et versions ant\u00e9rieures pour Windows et Macintosh",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7647",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7647"
},
{
"name": "CVE-2015-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7648"
},
{
"name": "CVE-2015-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7645"
}
],
"initial_release_date": "2015-10-19T00:00:00",
"last_revision_date": "2015-10-19T00:00:00",
"links": [
{
"title": "CERTFR-2015-ALE-011",
"url": "http://cert.ssi.gouv.fr/site/CERTFR-2015-ALE-011/index.html"
}
],
"reference": "CERTFR-2015-AVI-434",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe du 16 octobre 2015",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
}
]
}
Title
Adobe Flash Player远程代码执行漏洞(CNVD-2015-06779)
Description
FlashPlayer是一款高性能的、轻量型且极具表现力的客户端运行时播放器。
Adobe Flash Player 19.0.0.207及更早版本在实现上存在安全漏洞。攻击者利用该漏洞可造成受影响应用崩溃、控制受影响系统。
Severity
高
Patch Name
Adobe Flash Player远程代码执行漏洞(CNVD-2015-06779)的补丁
Patch Description
FlashPlayer是一款高性能的、轻量型且极具表现力的客户端运行时播放器。
Adobe Flash Player 19.0.0.207及更早版本在实现上存在安全漏洞。攻击者利用该漏洞可造成受影响应用崩溃、控制受影响系统。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Reference
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Impacted products
| Name | Adobe Flash Player <=19.0.0.207 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-7645"
}
},
"description": "FlashPlayer\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u3001\u8f7b\u91cf\u578b\u4e14\u6781\u5177\u8868\u73b0\u529b\u7684\u5ba2\u6237\u7aef\u8fd0\u884c\u65f6\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player 19.0.0.207\u53ca\u66f4\u65e9\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u5d29\u6e83\u3001\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002",
"discovererName": "Peter Pi of Trend Micro",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-06779",
"openTime": "2015-10-22",
"patchDescription": "FlashPlayer\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u3001\u8f7b\u91cf\u578b\u4e14\u6781\u5177\u8868\u73b0\u529b\u7684\u5ba2\u6237\u7aef\u8fd0\u884c\u65f6\u64ad\u653e\u5668\u3002\r\nAdobe Flash Player 19.0.0.207\u53ca\u66f4\u65e9\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u5d29\u6e83\u3001\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Adobe Flash Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2015-06779\uff09\u7684\u8865\u4e01",
"products": {
"product": "Adobe Flash Player \u003c=19.0.0.207"
},
"referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"serverity": "\u9ad8",
"submitTime": "2015-10-21",
"title": "Adobe Flash Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2015-06779\uff09"
}
FKIE_CVE-2015-7645
Vulnerability from fkie_nvd - Published: 2015-10-15 10:59 - Updated: 2026-04-22 12:22
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | flash_player | * | |
| adobe | flash_player | 19.0.0.185 | |
| adobe | flash_player | 19.0.0.207 | |
| apple | mac_os_x | - | |
| microsoft | windows | - | |
| adobe | flash_player | * | |
| linux | linux_kernel | - | |
| opensuse | evergreen | 11.4 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_workstation_extension | 12 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_eus | 6.7 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_from_rhui | 5.0 | |
| redhat | enterprise_linux_server_from_rhui | 6.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| redhat | enterprise_linux_workstation | 6.0 |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"cisaVulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986F7189-290F-464C-8F06-14406601BA90",
"versionEndIncluding": "18.0.0.252",
"versionStartIncluding": "18.0.0.160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*",
"matchCriteriaId": "130D56D9-BFAD-44AB-BA04-1E6E2F18A049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CE2650-25EB-446E-B2C9-631177740E87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3706105E-4503-46C2-B909-86663EAD8590",
"versionEndIncluding": "11.2.202.535",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
"matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8821E5FE-319D-40AB-A515-D56C1893E6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
},
{
"lang": "es",
"value": "Adobe Flash Player 18.x hasta la versi\u00f3n 18.0.0.252 y 19.x hasta la versi\u00f3n 19.0.0.207 en Windows y OS X y 11.x hasta la versi\u00f3n 11.2.202.535 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF manipulado, como se explot\u00f3 activamente en octubre de 2015."
}
],
"id": "CVE-2015-7645",
"lastModified": "2026-04-22T12:22:49.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2015-10-15T10:59:10.530",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77081"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033850"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-67J3-P5PQ-JGR7
Vulnerability from github – Published: 2022-05-17 02:38 – Updated: 2025-10-22 00:31
VLAI
Details
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2015-7645"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-15T10:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"id": "GHSA-67j3-p5pq-jgr7",
"modified": "2025-10-22T00:31:11Z",
"published": "2022-05-17T02:38:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/38490"
},
{
"type": "WEB",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/77081"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033850"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2015-7645
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-7645",
"description": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"id": "GSD-2015-7645",
"references": [
"https://www.suse.com/security/cve/CVE-2015-7645.html",
"https://access.redhat.com/errata/RHSA-2015:2024",
"https://access.redhat.com/errata/RHSA-2015:1913",
"https://advisories.mageia.org/CVE-2015-7645.html",
"https://packetstormsecurity.com/files/cve/CVE-2015-7645"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-7645"
],
"details": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"id": "GSD-2015-7645",
"modified": "2023-12-13T01:20:01.753424Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2015-7645",
"dateAdded": "2022-03-03",
"dueDate": "2022-03-24",
"product": "Flash Player",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1913",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "38490",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "RHSA-2015:2024",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "SUSE-SU-2015:1770",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "1033850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "SUSE-SU-2015:1771",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "77081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77081"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "GLSA-201511-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"name": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.207",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.2.202.535",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7645"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
"refsource": "MISC",
"tags": [],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "77081",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/77081"
},
{
"name": "RHSA-2015:2024",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name": "RHSA-2015:1913",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "1033850",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "SUSE-SU-2015:1770",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "SUSE-SU-2015:1771",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "38490",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "GLSA-201511-02",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201511-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-07-01T01:29Z",
"publishedDate": "2015-10-15T10:59Z"
}
}
}
RHSA-2015:1913
Vulnerability from csaf_redhat - Published: 2015-10-16 21:43 - Updated: 2025-11-21 17:53Summary
Red Hat Security Advisory: flash-plugin security update
Severity
Critical
Notes
Topic: An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes three vulnerabilities in Adobe Flash Player. These
vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed
in the References section, could allow an attacker to create a specially
crafted SWF file that would cause flash-plugin to crash, execute arbitrary
code, or disclose sensitive information when the victim loaded a page
containing the malicious SWF content. (CVE-2015-7645, CVE-2015-7647,
CVE-2015-7648)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.540.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
6.8 ()
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
6.8 ()
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
6.8 ()
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes three security issues is\nnow available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes three vulnerabilities in Adobe Flash Player. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-7645, CVE-2015-7647,\nCVE-2015-7648)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.540.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1913",
"url": "https://access.redhat.com/errata/RHSA-2015:1913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"category": "external",
"summary": "1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1913.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:46+00:00",
"generator": {
"date": "2025-11-21T17:53:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1913",
"initial_release_date": "2015-10-16T21:43:59+00:00",
"revision_history": [
{
"date": "2015-10-16T21:43:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-10-16T21:43:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"product": {
"name": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"product_id": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@11.2.202.540-1.el6_7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.540-1.el6_7.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
},
"product_reference": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.540-1.el6_7.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
},
"product_reference": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.540-1.el6_7.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
},
"product_reference": "flash-plugin-0:11.2.202.540-1.el6_7.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7645",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7645"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-16T21:43:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1913"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
},
{
"cve": "CVE-2015-7647",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-7648.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7647"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7647",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7647"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-16T21:43:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1913"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
},
{
"cve": "CVE-2015-7648",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-7647.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7648"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7648"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-16T21:43:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1913"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Server-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686",
"6Workstation-Supplementary-6.7.z:flash-plugin-0:11.2.202.540-1.el6_7.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
}
]
}
RHSA-2015:2024
Vulnerability from csaf_redhat - Published: 2015-11-11 11:21 - Updated: 2025-11-21 17:53Summary
Red Hat Security Advisory: flash-plugin security update
Severity
Critical
Notes
Topic: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities, detailed in the Adobe Security Bulletins APSB15-25,
APSB15-27, and APSB15-28 listed in the References section, could allow an
attacker to create a specially crafted SWF file that would cause
flash-plugin to crash, execute arbitrary code, or disclose sensitive
information when the victim loaded a page containing the malicious SWF
content. (CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627,
CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632,
CVE-2015-7633, CVE-2015-7634, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637,
CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642,
CVE-2015-7643, CVE-2015-7644, CVE-2015-7645, CVE-2015-7647, CVE-2015-7648,
CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655,
CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660,
CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043,
CVE-2015-8044, CVE-2015-8046)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.548.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 improperly implement the Flash broker API, which has unspecified impact and attack vectors.
4.3 ()
Affected products
Threats
Impact
Moderate
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
4.3 ()
Affected products
Threats
Impact
Moderate
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextFormat object with a crafted tabStops property, a different vulnerability than CVE-2015-7631, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7633.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7643, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7643.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
6.8 ()
Affected products
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8044.
6.8 ()
Affected products
Threats
Impact
Critical
References
142 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities, detailed in the Adobe Security Bulletins APSB15-25,\nAPSB15-27, and APSB15-28 listed in the References section, could allow an\nattacker to create a specially crafted SWF file that would cause\nflash-plugin to crash, execute arbitrary code, or disclose sensitive\ninformation when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627,\nCVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632,\nCVE-2015-7633, CVE-2015-7634, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637,\nCVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642,\nCVE-2015-7643, CVE-2015-7644, CVE-2015-7645, CVE-2015-7647, CVE-2015-7648,\nCVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655,\nCVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660,\nCVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043,\nCVE-2015-8044, CVE-2015-8046)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.548.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2024",
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
},
{
"category": "external",
"summary": "1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "1271388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271388"
},
{
"category": "external",
"summary": "1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2024.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:56+00:00",
"generator": {
"date": "2025-11-21T17:53:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:2024",
"initial_release_date": "2015-11-11T11:21:16+00:00",
"revision_history": [
{
"date": "2015-11-11T11:21:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-11-11T11:21:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:11.2.202.548-1.el5.i386",
"product": {
"name": "flash-plugin-0:11.2.202.548-1.el5.i386",
"product_id": "flash-plugin-0:11.2.202.548-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@11.2.202.548-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.548-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
},
"product_reference": "flash-plugin-0:11.2.202.548-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.548-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
},
"product_reference": "flash-plugin-0:11.2.202.548-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5569",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271388"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 improperly implement the Flash broker API, which has unspecified impact and attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: information leak and hardening fixes in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5569"
},
{
"category": "external",
"summary": "RHBZ#1271388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5569"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flash-plugin: information leak and hardening fixes in APSB15-25"
},
{
"cve": "CVE-2015-7625",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7625"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7625"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7625",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7625"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7626",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7626"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7626"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7626"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7627",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7627"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7627"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7627"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7628",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271388"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: information leak and hardening fixes in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7628"
},
{
"category": "external",
"summary": "RHBZ#1271388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7628"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flash-plugin: information leak and hardening fixes in APSB15-25"
},
{
"cve": "CVE-2015-7629",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextFormat object with a crafted tabStops property, a different vulnerability than CVE-2015-7631, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7629"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7629"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7630",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7630"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7630",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7630"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7631",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7631"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7631",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7631"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7632",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7632"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7632"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7633",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7633"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7633"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7634",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7633.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7634"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7634",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7634"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7635",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7635"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7635"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7636",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7636"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7636"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7637",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7637"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7637"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7638",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7638"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7638"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7639",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7639"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7639"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7640",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7640"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7640"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7641",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7641"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7641"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7641"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7642",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7643, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7642"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7642"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7643",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7643"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7643"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7644",
"discovery_date": "2015-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271383"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK \u0026 Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7643.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-25",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7644"
},
{
"category": "external",
"summary": "RHBZ#1271383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7644"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
],
"release_date": "2015-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-25"
},
{
"cve": "CVE-2015-7645",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7645"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
},
{
"cve": "CVE-2015-7647",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-7648.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7647"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7647",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7647"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
},
{
"cve": "CVE-2015-7648",
"discovery_date": "2015-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1271966"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-7647.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issue fixed in APSB15-27",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7648"
},
{
"category": "external",
"summary": "RHBZ#1271966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7648"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
}
],
"release_date": "2015-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issue fixed in APSB15-27"
},
{
"cve": "CVE-2015-7651",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7651"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7651",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7651"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7652",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7652"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7652"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7653",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7653"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7653",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7653"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7653",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7653"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7654",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7654"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7654"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7655",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7655"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7655"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7656",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7656"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7656"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7657",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7657"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7657"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7658",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7658"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7658"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7659",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion\" in the NetConnection object implementation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7659"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7659"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7660",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7660"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7660"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7661",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7661"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7661"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7661"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7662",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7662"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7662"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-7663",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7663"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7663"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-8042",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8042"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8042"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-8043",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8043"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8043"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-8044",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8044"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8044"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
},
{
"cve": "CVE-2015-8046",
"discovery_date": "2015-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1280062"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK \u0026 Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8044.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple code execution issues fixed in APSB15-28",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8046"
},
{
"category": "external",
"summary": "RHBZ#1280062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8046"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html"
}
],
"release_date": "2015-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-11T11:21:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2024"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386",
"5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.548-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple code execution issues fixed in APSB15-28"
}
]
}
SUSE-SU-2015:1770-1
Vulnerability from csaf_suse - Published: 2015-10-16 12:01 - Updated: 2015-10-16 12:01Summary
Security update for flash-player
Severity
Critical
Notes
Title of the patch: Security update for flash-player
Description of the patch: flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
Patchnames: SUSE-SLE-DESKTOP-12-2015-707,SUSE-SLE-WE-12-2015-707
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.540-108.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.540-108.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.540-108.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.540-108.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for flash-player",
"title": "Title of the patch"
},
{
"category": "description",
"text": "flash-player was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-707,SUSE-SLE-WE-12-2015-707",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1770-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1770-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151770-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1770-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-October/001632.html"
},
{
"category": "self",
"summary": "SUSE Bug 950474",
"url": "https://bugzilla.suse.com/950474"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7645/"
}
],
"title": "Security update for flash-player",
"tracking": {
"current_release_date": "2015-10-16T12:01:08Z",
"generator": {
"date": "2015-10-16T12:01:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1770-1",
"initial_release_date": "2015-10-16T12:01:08Z",
"revision_history": [
{
"date": "2015-10-16T12:01:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flash-player-11.2.202.540-108.1.x86_64",
"product": {
"name": "flash-player-11.2.202.540-108.1.x86_64",
"product_id": "flash-player-11.2.202.540-108.1.x86_64"
}
},
{
"category": "product_version",
"name": "flash-player-gnome-11.2.202.540-108.1.x86_64",
"product": {
"name": "flash-player-gnome-11.2.202.540-108.1.x86_64",
"product_id": "flash-player-gnome-11.2.202.540-108.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12",
"product_id": "SUSE Linux Enterprise Workstation Extension 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-player-11.2.202.540-108.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.540-108.1.x86_64"
},
"product_reference": "flash-player-11.2.202.540-108.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-player-gnome-11.2.202.540-108.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.540-108.1.x86_64"
},
"product_reference": "flash-player-gnome-11.2.202.540-108.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-player-11.2.202.540-108.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12",
"product_id": "SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.540-108.1.x86_64"
},
"product_reference": "flash-player-11.2.202.540-108.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-player-gnome-11.2.202.540-108.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12",
"product_id": "SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.540-108.1.x86_64"
},
"product_reference": "flash-player-gnome-11.2.202.540-108.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7645"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.540-108.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7645",
"url": "https://www.suse.com/security/cve/CVE-2015-7645"
},
{
"category": "external",
"summary": "SUSE Bug 950474 for CVE-2015-7645",
"url": "https://bugzilla.suse.com/950474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.540-108.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.540-108.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.540-108.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-10-16T12:01:08Z",
"details": "critical"
}
],
"title": "CVE-2015-7645"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…