FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517352
Date:      2019-11-12
Time:      21:38:20Z
Committer: gjb

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
547fbd98-8b1f-11e5-b48b-bcaec565249cflash -- multiple vulnerabilities

Adobe reports:

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).

These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).


Discovery 2015-11-10
Entry 2015-11-14
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.548

https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
CVE-2015-7651
CVE-2015-7652
CVE-2015-7653
CVE-2015-7654
CVE-2015-7655
CVE-2015-7656
CVE-2015-7657
CVE-2015-7658
CVE-2015-7659
CVE-2015-7660
CVE-2015-7661
CVE-2015-7662
CVE-2015-7663
CVE-2015-8043
CVE-2015-8044
CVE-2015-8046
0c6b008d-35c4-11e6-8e82-002590263bf5flash -- multiple vulnerabilities

Adobe reports:

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121).

These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163).

These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116).


Discovery 2016-05-12
Entry 2016-06-19
linux-c6-flashplugin
linux-c6_64-flashplugin
linux-f10-flashplugin
lt 11.2r202.621

CVE-2016-1096
CVE-2016-1097
CVE-2016-1098
CVE-2016-1099
CVE-2016-1100
CVE-2016-1101
CVE-2016-1102
CVE-2016-1103
CVE-2016-1104
CVE-2016-1105
CVE-2016-1106
CVE-2016-1107
CVE-2016-1108
CVE-2016-1109
CVE-2016-1110
CVE-2016-4108
CVE-2016-4109
CVE-2016-4110
CVE-2016-4111
CVE-2016-4112
CVE-2016-4113
CVE-2016-4114
CVE-2016-4115
CVE-2016-4116
CVE-2016-4117
CVE-2016-4120
CVE-2016-4121
CVE-2016-4160
CVE-2016-4161
CVE-2016-4162
CVE-2016-4163
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
de6d01d5-9c44-11e6-ba67-0011d823eebdflash -- remote code execution

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.


Discovery 2016-10-26
Entry 2016-10-27
linux-f10-flashplugin
linux-c6-flashplugin
linux-c7-flashplugin
lt 11.2r202.643

CVE-2016-7855
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
8d2d6bbd-2a02-11e5-a0af-bcaec565249cAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly.


Discovery 2015-07-10
Entry 2015-07-14
Modified 2015-07-16
linux-c6-flashplugin
lt 11.2r202.491

linux-f10-flashplugin
lt 11.2r202.491

CVE-2015-5122
CVE-2015-5123
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
96f6bf10-a731-11e6-95ca-0011d823eebdflash -- multiple vulnerabilities

Adobe reports:

  • These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).

Discovery 2016-11-08
Entry 2016-11-10
linux-c6-flashplugin
linux-c7-flashplugin
linux-f10-flashplugin
lt 11.2r202.644

https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
CVE-2016-7857
CVE-2016-7858
CVE-2016-7859
CVE-2016-7860
CVE-2016-7861
CVE-2016-7862
CVE-2016-7863
CVE-2016-7864
CVE-2016-7865
f3778328-d288-4b39-86a4-65877331eaf7Adobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).

These updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).


Discovery 2015-08-11
Entry 2015-08-12
linux-c6-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.508

linux-f10-flashplugin
lt 11.2r202.508

CVE-2015-5553
CVE-2015-5554
CVE-2015-5555
CVE-2015-5556
CVE-2015-5557
CVE-2015-3107
CVE-2015-5124
CVE-2015-5125
CVE-2015-5127
CVE-2015-5128
CVE-2015-5129
CVE-2015-5130
CVE-2015-5131
CVE-2015-5132
CVE-2015-5133
CVE-2015-5134
CVE-2015-5539
CVE-2015-5540
CVE-2015-5541
CVE-2015-5544
CVE-2015-5545
CVE-2015-5546
CVE-2015-5547
CVE-2015-5548
CVE-2015-5549
CVE-2015-5550
CVE-2015-5551
CVE-2015-5552
CVE-2015-5558
CVE-2015-5559
CVE-2015-5560
CVE-2015-5561
CVE-2015-5562
CVE-2015-5563
CVE-2015-5564
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
348bfa69-25a2-11e5-ade1-0011d823eebdAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.


Discovery 2015-07-07
Entry 2015-07-08
linux-c6-flashplugin
lt 11.2r202.481

linux-f10-flashplugin
lt 11.2r202.481

https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
CVE-2015-5119
e206df57-f97b-11e4-b799-c485083ca99cAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).

These updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).

These updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).

These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.


Discovery 2015-05-12
Entry 2015-05-13
linux-c6-flashplugin
le 11.2r202.457

linux-f10-flashplugin
le 11.2r202.457

CVE-2015-3044
CVE-2015-3077
CVE-2015-3078
CVE-2015-3079
CVE-2015-3080
CVE-2015-3081
CVE-2015-3082
CVE-2015-3083
CVE-2015-3084
CVE-2015-3085
CVE-2015-3086
CVE-2015-3087
CVE-2015-3088
CVE-2015-3089
CVE-2015-3090
CVE-2015-3091
CVE-2015-3092
CVE-2015-3093
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
1e63db88-1050-11e5-a4df-c485083ca99cAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

These updates resolve a vulnerability (CVE-2015-3096) that could be exploited to bypass the fix for CVE-2014-5333.

These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097).

These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).

These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-3100).

These updates resolve a permission issue in the Flash broker for Internet Explorer that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-3101).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3104).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2015-3105).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).

These updates resolve a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108).


Discovery 2015-06-09
Entry 2015-06-11
linux-c6-flashplugin
lt 11.2r202.466

linux-f10-flashplugin
lt 11.2r202.466

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
CVE-2015-3096
CVE-2015-3097
CVE-2015-3098
CVE-2015-3099
CVE-2015-3100
CVE-2015-3101
CVE-2015-3102
CVE-2015-3103
CVE-2015-3104
CVE-2015-3105
CVE-2015-3106
CVE-2015-3107
CVE-2015-3108
d02f6b01-1a3f-11e5-8bd6-c485083ca99cAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.


Discovery 2015-06-23
Entry 2015-06-24
linux-c6-flashplugin
lt 11.2r202.466

linux-f10-flashplugin
lt 11.2r202.466

https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
CVE-2015-3113
5d8e56c3-9e67-4d5b-81c9-3a409dfd705fflash -- multiple vulnerabilities

Adobe reports:

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2016-0985).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).

These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981).


Discovery 2016-02-09
Entry 2016-02-10
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.569

CVE-2016-0964
CVE-2016-0965
CVE-2016-0966
CVE-2016-0967
CVE-2016-0968
CVE-2016-0969
CVE-2016-0970
CVE-2016-0971
CVE-2016-0972
CVE-2016-0973
CVE-2016-0974
CVE-2016-0975
CVE-2016-0976
CVE-2016-0977
CVE-2016-0978
CVE-2016-0979
CVE-2016-0980
CVE-2016-0981
CVE-2016-0982
CVE-2016-0983
CVE-2016-0984
CVE-2016-0985
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
2482c798-93c6-11e6-846f-bc5ff4fb5ea1flash -- multiple vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2016-6992).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-6981, CVE-2016-6987).

These updates resolve a security bypass vulnerability (CVE-2016-4286).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990).


Discovery 2016-10-11
Entry 2016-10-24
linux-c6-flashplugin
linux-c6_64-flashplugin
linux-c7-flashplugin
linux-f10-flashplugin
lt 11.2r202.637

CVE-2016-4273
CVE-2016-4286
CVE-2016-6981
CVE-2016-6982
CVE-2016-6983
CVE-2016-6984
CVE-2016-6985
CVE-2016-6986
CVE-2016-6987
CVE-2016-6989
CVE-2016-6990
CVE-2016-6992
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
84c7ea88-bf04-4bdc-973b-36744bf540abflash -- multiple vulnerabilities

Adobe reports:

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).


Discovery 2015-12-28
Entry 2015-12-29
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.559

CVE-2015-8459
CVE-2015-8460
CVE-2015-8634
CVE-2015-8636
CVE-2015-8638
CVE-2015-8639
CVE-2015-8640
CVE-2015-8641
CVE-2015-8642
CVE-2015-8643
CVE-2015-8644
CVE-2015-8645
CVE-2015-8646
CVE-2015-8647
CVE-2015-8648
CVE-2015-8649
CVE-2015-8650
CVE-2015-8651
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
a63f2c06-726b-11e5-a12b-bcaec565249cflash -- multiple vulnerabilities

Adobe reports:

These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).

These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).


Discovery 2015-10-13
Entry 2015-10-14
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.535

CVE-2015-5569
CVE-2015-7625
CVE-2015-7626
CVE-2015-7627
CVE-2015-7628
CVE-2015-7629
CVE-2015-7630
CVE-2015-7631
CVE-2015-7632
CVE-2015-7633
CVE-2015-7634
CVE-2015-7643
CVE-2015-7644
https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
cc294a2c-a232-11e4-8e9f-0011d823eebdAdobe Flash Player -- multiple vulnerabilities

Adobe reports:

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.


Discovery 2015-01-13
Entry 2015-01-22
linux-c6-flashplugin
lt 11.2r202.429

linux-f10-flashplugin
lt 11.2r202.429

CVE-2015-0301
CVE-2015-0302
CVE-2015-0303
CVE-2015-0304
CVE-2015-0305
CVE-2015-0306
CVE-2015-0307
CVE-2015-0308
CVE-2015-0309
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
84147b46-e876-486d-b746-339ee45a8bb9flash -- remote code execution

Adobe reports:

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648).


Discovery 2015-10-16
Entry 2015-10-16
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.540

CVE-2015-7645
CVE-2015-7647
CVE-2015-7648
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
a522d6ac-4aed-11e6-97ea-002590263bf5flash -- multiple vulnerabilities

Adobe reports:

These updates resolve a race condition vulnerability that could lead to information disclosure (CVE-2016-4247).

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).

These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4249).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246).

These updates resolve a memory leak vulnerability (CVE-2016-4232).

These updates resolve stack corruption vulnerabilities that could lead to code execution (CVE-2016-4176, CVE-2016-4177).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178).


Discovery 2016-07-12
Entry 2016-07-16
linux-c6-flashplugin
linux-c6_64-flashplugin
linux-f10-flashplugin
lt 11.2r202.632

CVE-2016-4172
CVE-2016-4173
CVE-2016-4174
CVE-2016-4175
CVE-2016-4176
CVE-2016-4177
CVE-2016-4178
CVE-2016-4179
CVE-2016-4180
CVE-2016-4181
CVE-2016-4182
CVE-2016-4183
CVE-2016-4184
CVE-2016-4185
CVE-2016-4186
CVE-2016-4187
CVE-2016-4188
CVE-2016-4189
CVE-2016-4190
CVE-2016-4217
CVE-2016-4218
CVE-2016-4219
CVE-2016-4220
CVE-2016-4221
CVE-2016-4222
CVE-2016-4223
CVE-2016-4224
CVE-2016-4225
CVE-2016-4226
CVE-2016-4227
CVE-2016-4228
CVE-2016-4229
CVE-2016-4230
CVE-2016-4231
CVE-2016-4232
CVE-2016-4233
CVE-2016-4234
CVE-2016-4235
CVE-2016-4236
CVE-2016-4237
CVE-2016-4238
CVE-2016-4239
CVE-2016-4240
CVE-2016-4241
CVE-2016-4242
CVE-2016-4243
CVE-2016-4244
CVE-2016-4245
CVE-2016-4246
CVE-2016-4247
CVE-2016-4248
CVE-2016-4249
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
37a87ade-a59f-11e4-958e-0011d823eebdAdobe Flash Player -- critical vulnerability

Adobe reports:

Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.


Discovery 2015-01-22
Entry 2015-01-26
linux-c6-flashplugin
le 11.2r202.438

linux-f10-flashplugin
le 11.2r202.438

CVE-2015-0311
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
f7b3d1eb-f738-11e5-a710-0011d823eebdflash -- multiple vulnerabilities

Adobe reports:

These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2016-1001).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).


Discovery 2016-03-10
Entry 2016-03-31
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.577

CVE-2016-0960
CVE-2016-0961
CVE-2016-0962
CVE-2016-0963
CVE-2016-0986
CVE-2016-0987
CVE-2016-0988
CVE-2016-0989
CVE-2016-0990
CVE-2016-0991
CVE-2016-0992
CVE-2016-0993
CVE-2016-0994
CVE-2016-0995
CVE-2016-0996
CVE-2016-0997
CVE-2016-0998
CVE-2016-0999
CVE-2016-1000
CVE-2016-1001
CVE-2016-1002
CVE-2016-1005
CVE-2016-1010
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
4e3e8a50-65c1-11e5-948e-bcaec565249cflash -- multiple vulnerabilities

Adobe reports:

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-5573).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6676, CVE-2015-6678).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677).

These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2015-5571).

These updates resolve a memory leak vulnerability (CVE-2015-5576).

These updates include further hardening to a mitigation to defend against vector length corruptions (CVE-2015-5568).

These updates resolve stack corruption vulnerabilities that could lead to code execution (CVE-2015-5567, CVE-2015-5579).

These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-5587).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572).

These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679).


Discovery 2015-09-21
Entry 2015-09-28
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.521

CVE-2015-5567
CVE-2015-5568
CVE-2015-5570
CVE-2015-5571
CVE-2015-5572
CVE-2015-5573
CVE-2015-5574
CVE-2015-5575
CVE-2015-5576
CVE-2015-5577
CVE-2015-5578
CVE-2015-5588
CVE-2015-6676
CVE-2015-6677
CVE-2015-6678
CVE-2015-6679
CVE-2015-6682
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
c8842a84-9ddd-11e5-8c2f-c485083ca99cflash -- multiple vulnerabilities

Adobe reports:

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8053, CVE-2015-8045, CVE-2015-8051, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).

These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).

These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407).

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8052, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).


Discovery 2015-12-08
Entry 2015-12-08
linux-c6-flashplugin
linux-f10-flashplugin
linux-c6_64-flashplugin
lt 11.2r202.554

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
CVE-2015-8045
CVE-2015-8047
CVE-2015-8048
CVE-2015-8049
CVE-2015-8050
CVE-2015-8051
CVE-2015-8052
CVE-2015-8053
CVE-2015-8054
CVE-2015-8055
CVE-2015-8056
CVE-2015-8057
CVE-2015-8058
CVE-2015-8059
CVE-2015-8060
CVE-2015-8061
CVE-2015-8062
CVE-2015-8063
CVE-2015-8064
CVE-2015-8065
CVE-2015-8066
CVE-2015-8067
CVE-2015-8068
CVE-2015-8069
CVE-2015-8070
CVE-2015-8071
CVE-2015-8401
CVE-2015-8402
CVE-2015-8403
CVE-2015-8404
CVE-2015-8405
CVE-2015-8406
CVE-2015-8407
CVE-2015-8408
CVE-2015-8409
CVE-2015-8410
CVE-2015-8411
CVE-2015-8412
CVE-2015-8413
CVE-2015-8414
CVE-2015-8415
CVE-2015-8416
CVE-2015-8417
CVE-2015-8419
CVE-2015-8420
CVE-2015-8421
CVE-2015-8422
CVE-2015-8423
CVE-2015-8424
CVE-2015-8425
CVE-2015-8426
CVE-2015-8427
CVE-2015-8428
CVE-2015-8429
CVE-2015-8430
CVE-2015-8431
CVE-2015-8432
CVE-2015-8433
CVE-2015-8434
CVE-2015-8435
CVE-2015-8436
CVE-2015-8437
CVE-2015-8438
CVE-2015-8439
CVE-2015-8440
CVE-2015-8441
CVE-2015-8442
CVE-2015-8443
CVE-2015-8444
CVE-2015-8445
CVE-2015-8446
CVE-2015-8447
CVE-2015-8448
CVE-2015-8449
CVE-2015-8450
CVE-2015-8451
CVE-2015-8452
CVE-2015-8453
0e3dfdde-35c4-11e6-8e82-002590263bf5flash -- multiple vulnerabilities

Adobe reports:

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).

These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140).

These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2016-4139).


Discovery 2016-06-16
Entry 2016-06-19
linux-c6-flashplugin
linux-c6_64-flashplugin
linux-f10-flashplugin
lt 11.2r202.626

CVE-2016-4122
CVE-2016-4123
CVE-2016-4124
CVE-2016-4125
CVE-2016-4127
CVE-2016-4128
CVE-2016-4129
CVE-2016-4130
CVE-2016-4131
CVE-2016-4132
CVE-2016-4133
CVE-2016-4134
CVE-2016-4135
CVE-2016-4136
CVE-2016-4137
CVE-2016-4138
CVE-2016-4139
CVE-2016-4140
CVE-2016-4141
CVE-2016-4142
CVE-2016-4143
CVE-2016-4144
CVE-2016-4145
CVE-2016-4146
CVE-2016-4147
CVE-2016-4148
CVE-2016-4149
CVE-2016-4150
CVE-2016-4151
CVE-2016-4152
CVE-2016-4153
CVE-2016-4154
CVE-2016-4155
CVE-2016-4156
CVE-2016-4166
CVE-2016-4171
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
3364d497-e4e6-11e4-a265-c485083ca99cAdobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions.

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
  • These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
  • These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).

Discovery 2015-04-14
Entry 2015-04-17
linux-c6-flashplugin
le 11.2r202.451

linux-f10-flashplugin
le 11.2r202.451

https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
CVE-2015-3038
CVE-2015-3039
CVE-2015-3040
CVE-2015-3041
CVE-2015-3042
CVE-2015-3043
CVE-2015-3044
CVE-2015-0346
CVE-2015-0347
CVE-2015-0348
CVE-2015-0349
CVE-2015-0350
CVE-2015-0351
CVE-2015-0352
CVE-2015-0353
CVE-2015-0354
CVE-2015-0355
CVE-2015-0356
CVE-2015-0357
CVE-2015-0358
CVE-2015-0359
CVE-2015-0360
07888b49-35c4-11e6-8e82-002590263bf5flash -- multiple vulnerabilities

Adobe reports:

These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006).

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).

These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2016-1018).

These updates resolve a security bypass vulnerability (CVE-2016-1030).

These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014).


Discovery 2016-04-07
Entry 2016-06-19
linux-c6-flashplugin
linux-c6_64-flashplugin
linux-f10-flashplugin
lt 11.2r202.616

CVE-2016-1006
CVE-2016-1011
CVE-2016-1012
CVE-2016-1013
CVE-2016-1014
CVE-2016-1015
CVE-2016-1016
CVE-2016-1017
CVE-2016-1018
CVE-2016-1019
CVE-2016-1020
CVE-2016-1021
CVE-2016-1022
CVE-2016-1023
CVE-2016-1024
CVE-2016-1025
CVE-2016-1026
CVE-2016-1027
CVE-2016-1028
CVE-2016-1029
CVE-2016-1030
CVE-2016-1031
CVE-2016-1032
CVE-2016-1033
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
8b3ecff5-c9b2-11e4-b71f-00bd5af88c00Adobe Flash Player -- critical vulnerabilities

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). These updates resolve a vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). These updates resolve a vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-0338). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).


Discovery 2015-03-12
Entry 2015-03-13
linux-c6-flashplugin
le 11.2r202.442

linux-f10-flashplugin
le 11.2r202.442

https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
CVE-2015-0332
CVE-2015-0333
CVE-2015-0334
CVE-2015-0335
CVE-2015-0336
CVE-2015-0337
CVE-2015-0338
CVE-2015-0339
CVE-2015-0340
CVE-2015-0341
CVE-2015-0342