cvelistv5 - CVE-2006-3311

CVE-2006-3311 (GCVE-0-2006-3311)

Vulnerability from cvelistv5

Published

2006-09-12 23:00

Modified

2024-08-07 18:23

Severity ?

CWE

Summary

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
cve@mitre.org	http://secunia.com/advisories/21865	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21901
cve@mitre.org	http://secunia.com/advisories/22054
cve@mitre.org	http://secunia.com/advisories/22187
cve@mitre.org	http://secunia.com/advisories/22268
cve@mitre.org	http://secunia.com/advisories/22882
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200610-02.xml
cve@mitre.org	http://securityreason.com/securityalert/1546
cve@mitre.org	http://securitytracker.com/id?1016829
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb06-11.html	Patch
cve@mitre.org	http://www.computerterrorism.com/research/ct12-09-2006.htm	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/451380	US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0674.html
cve@mitre.org	http://www.securityfocus.com/archive/1/445825/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19980
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3573
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3577
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3852
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4507
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28886
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21865	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21901
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22054
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22268
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22882
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200610-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1546
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016829
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb06-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.computerterrorism.com/research/ct12-09-2006.htm	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/451380	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0674.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/445825/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19980
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3573
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3577
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3852
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4507
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28886
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3573",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3573"
          },
          {
            "name": "22054",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22054"
          },
          {
            "name": "TA06-318A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "22268",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22268"
          },
          {
            "name": "ADV-2006-4507",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4507"
          },
          {
            "name": "VU#451380",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/451380"
          },
          {
            "name": "19980",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19980"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
          },
          {
            "name": "22187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22187"
          },
          {
            "name": "ADV-2006-3852",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3852"
          },
          {
            "name": "22882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22882"
          },
          {
            "name": "21865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21865"
          },
          {
            "name": "flashplayer-swf-string-bo(28886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
          },
          {
            "name": "APPLE-SA-2006-09-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:394",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
          },
          {
            "name": "1546",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1546"
          },
          {
            "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2006:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
          },
          {
            "name": "1016829",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016829"
          },
          {
            "name": "21901",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21901"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
          },
          {
            "name": "RHSA-2006:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
          },
          {
            "name": "ADV-2006-3577",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "TA06-275A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
          },
          {
            "name": "MS06-069",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
          },
          {
            "name": "GLSA-200610-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-3573",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3573"
        },
        {
          "name": "22054",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22054"
        },
        {
          "name": "TA06-318A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
        },
        {
          "name": "22268",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22268"
        },
        {
          "name": "ADV-2006-4507",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4507"
        },
        {
          "name": "VU#451380",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/451380"
        },
        {
          "name": "19980",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19980"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
        },
        {
          "name": "22187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22187"
        },
        {
          "name": "ADV-2006-3852",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3852"
        },
        {
          "name": "22882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22882"
        },
        {
          "name": "21865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21865"
        },
        {
          "name": "flashplayer-swf-string-bo(28886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
        },
        {
          "name": "APPLE-SA-2006-09-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:394",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
        },
        {
          "name": "1546",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1546"
        },
        {
          "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
        },
        {
          "name": "SUSE-SA:2006:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
        },
        {
          "name": "1016829",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016829"
        },
        {
          "name": "21901",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21901"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
        },
        {
          "name": "RHSA-2006:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
        },
        {
          "name": "ADV-2006-3577",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3577"
        },
        {
          "name": "TA06-275A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
        },
        {
          "name": "MS06-069",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
        },
        {
          "name": "GLSA-200610-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-3573",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3573"
            },
            {
              "name": "22054",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22054"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "22268",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22268"
            },
            {
              "name": "ADV-2006-4507",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4507"
            },
            {
              "name": "VU#451380",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/451380"
            },
            {
              "name": "19980",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19980"
            },
            {
              "name": "http://www.computerterrorism.com/research/ct12-09-2006.htm",
              "refsource": "MISC",
              "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
            },
            {
              "name": "22187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22187"
            },
            {
              "name": "ADV-2006-3852",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3852"
            },
            {
              "name": "22882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22882"
            },
            {
              "name": "21865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21865"
            },
            {
              "name": "flashplayer-swf-string-bo(28886)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
            },
            {
              "name": "APPLE-SA-2006-09-29",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:394",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
            },
            {
              "name": "1546",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1546"
            },
            {
              "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
            },
            {
              "name": "SUSE-SA:2006:053",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
            },
            {
              "name": "1016829",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016829"
            },
            {
              "name": "21901",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21901"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
            },
            {
              "name": "RHSA-2006:0674",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "TA06-275A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
            },
            {
              "name": "MS06-069",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
            },
            {
              "name": "GLSA-200610-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3311",
    "datePublished": "2006-09-12T23:00:00",
    "dateReserved": "2006-06-29T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3311\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-09-12T23:07:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena grande y creada dinamicamente en una pel\u00edcula SWF.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.24.0\",\"matchCriteriaId\":\"8D18545D-9EE5-4AC5-9A44-0C548AFA691A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33446303-71A3-4676-8D1D-E1E6EEF46BA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF76C783-F118-4421-97D9-836172CE812A\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21901\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22054\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22187\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22268\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22882\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200610-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1546\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016829\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb06-11.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.computerterrorism.com/research/ct12-09-2006.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/451380\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0674.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/445825/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19980\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3573\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3852\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4507\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28886\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200610-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb06-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.computerterrorism.com/research/ct12-09-2006.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/451380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0674.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/445825/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-3311

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3311

Aliases

CVE-2006-3311

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3311",
    "description": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
    "id": "GSD-2006-3311",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-3311.html",
      "https://access.redhat.com/errata/RHSA-2006:0674"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3311"
      ],
      "details": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
      "id": "GSD-2006-3311",
      "modified": "2023-12-13T01:19:57.745012Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3311",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-3573",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3573"
          },
          {
            "name": "22054",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22054"
          },
          {
            "name": "TA06-318A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "22268",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22268"
          },
          {
            "name": "ADV-2006-4507",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4507"
          },
          {
            "name": "VU#451380",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/451380"
          },
          {
            "name": "19980",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19980"
          },
          {
            "name": "http://www.computerterrorism.com/research/ct12-09-2006.htm",
            "refsource": "MISC",
            "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
          },
          {
            "name": "22187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22187"
          },
          {
            "name": "ADV-2006-3852",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3852"
          },
          {
            "name": "22882",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22882"
          },
          {
            "name": "21865",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21865"
          },
          {
            "name": "flashplayer-swf-string-bo(28886)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
          },
          {
            "name": "APPLE-SA-2006-09-29",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:394",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
          },
          {
            "name": "1546",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1546"
          },
          {
            "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2006:053",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
          },
          {
            "name": "1016829",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016829"
          },
          {
            "name": "21901",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21901"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
          },
          {
            "name": "RHSA-2006:0674",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
          },
          {
            "name": "ADV-2006-3577",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "TA06-275A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
          },
          {
            "name": "MS06-069",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
          },
          {
            "name": "GLSA-200610-02",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.24.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3311"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.computerterrorism.com/research/ct12-09-2006.htm",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
            },
            {
              "name": "21865",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21865"
            },
            {
              "name": "RHSA-2006:0674",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
            },
            {
              "name": "19980",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19980"
            },
            {
              "name": "1016829",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016829"
            },
            {
              "name": "21901",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21901"
            },
            {
              "name": "VU#451380",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/451380"
            },
            {
              "name": "SUSE-SA:2006:053",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
            },
            {
              "name": "22054",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22054"
            },
            {
              "name": "APPLE-SA-2006-09-29",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
            },
            {
              "name": "TA06-275A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
            },
            {
              "name": "22187",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22187"
            },
            {
              "name": "GLSA-200610-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
            },
            {
              "name": "22882",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22882"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "22268",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22268"
            },
            {
              "name": "1546",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1546"
            },
            {
              "name": "ADV-2006-4507",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4507"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "ADV-2006-3573",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3573"
            },
            {
              "name": "ADV-2006-3852",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3852"
            },
            {
              "name": "flashplayer-swf-string-bo(28886)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
            },
            {
              "name": "oval:org.mitre.oval:def:394",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
            },
            {
              "name": "MS06-069",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
            },
            {
              "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-18T16:46Z",
      "publishedDate": "2006-09-12T23:07Z"
    }
  }
}

CERTA-2006-AVI-398

Vulnerability from certfr_avis

None

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur Adobe Flash Player. Elles permettraient à un utilisateur mal intentionné de contourner les restrictions du paramètre de sécurité allowScriptAccess, et d'exécuter du code arbitraire à distance par le biais d'un fichier au format .swf construit de façon particulière. Une dernière vulnérabilité concernerait une mauvaise manipulation de chaînes de caractères dynamiques, et de longueur excessive. Elle pourrait provoquer un débordement de mémoire.

Adobe Flash Player es parfois utilisé indirectement, par le biais d'un navigateur Internet, afin de visualiser des contenus animés au format Flash sur un site web.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Flash Player versions 8.0.24 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 12 septembre 2006	None	vendor-advisory
Référence CVE CVE-2006-3587 :	-	other
Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006 :	-	other
Référence CVE CVE-2006-4640 :	-	other
Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006 :	-	other
Référence CVE CVE-2006-3014 :	-	other
Référence CVE CVE-2006-3588 :	-	other
Référence CVE CVE-2006-3311 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Flash Player versions 8.0.24 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur Adobe Flash\nPlayer. Elles permettraient \u00e0 un utilisateur mal intentionn\u00e9 de\ncontourner les restrictions du param\u00e8tre de s\u00e9curit\u00e9 allowScriptAccess,\net d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier au\nformat .swf construit de fa\u00e7on particuli\u00e8re. Une derni\u00e8re vuln\u00e9rabilit\u00e9\nconcernerait une mauvaise manipulation de cha\u00eenes de caract\u00e8res\ndynamiques, et de longueur excessive. Elle pourrait provoquer un\nd\u00e9bordement de m\u00e9moire.\n\nAdobe Flash Player es parfois utilis\u00e9 indirectement, par le biais d\u0027un\nnavigateur Internet, afin de visualiser des contenus anim\u00e9s au format\nFlash sur un site web.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-3014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3014"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    }
  ],
  "initial_release_date": "2006-09-14T00:00:00",
  "last_revision_date": "2006-11-15T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3587 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3587"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-4640 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-4640"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-069.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3014 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3014"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3588 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3588"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3311 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3311"
    }
  ],
  "reference": "CERTA-2006-AVI-398",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-14T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2006-10-03T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Microsoft MS06-069.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 12 septembre 2006",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    }
  ]
}

CERTA-2006-AVI-498

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans Adobe Macromedia Flash Player pour Windows. Une personne malveillante pourrait exploiter l'une d'elles afin d'exécuter, à distance, des commandes arbitraires sur la machine vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Adobe Macromedia Flash Player pour Windows. Celles-ci ont été présentées dans l'avis concernant Adobe CERTA-2006-AVI-398, datant du 03 octobre 2006. Microsoft redistribue cependant ces produits avec certaines versions de Microsoft Windows.

Une personne malveillante pourrait exploiter l'une de ces vulnérabilités afin d'exécuter, à distance, des commandes arbitraires sur la machine vulnérable.

Solution

Se référer au bulletin de sécurité MS06-069 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Microsoft Windows XP Service Pack 2 ;
	Adobe	N/A	Microsoft Windows XP Professional x64 Edition.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006	None	vendor-advisory
Avis du CERTA CERTA-2006-AVI-398 du 03 octobre 2006, « Vulnérabilités dans Adobe Flash Player » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Professional x64 Edition.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Adobe Macromedia Flash\nPlayer pour Windows. Celles-ci ont \u00e9t\u00e9 pr\u00e9sent\u00e9es dans l\u0027avis concernant\nAdobe CERTA-2006-AVI-398, datant du 03 octobre 2006. Microsoft\nredistribue cependant ces produits avec certaines versions de Microsoft\nWindows.\n\nUne personne malveillante pourrait exploiter l\u0027une de ces vuln\u00e9rabilit\u00e9s\nafin d\u0027ex\u00e9cuter, \u00e0 distance, des commandes arbitraires sur la machine\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS06-069 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-3014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3014"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    }
  ],
  "initial_release_date": "2006-11-15T00:00:00",
  "last_revision_date": "2006-11-15T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA CERTA-2006-AVI-398 du 03 octobre 2006, \u00ab    Vuln\u00e9rabilit\u00e9s dans Adobe Flash Player \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-398/"
    }
  ],
  "reference": "CERTA-2006-AVI-498",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Adobe Macromedia Flash\nPlayer pour Windows. Une personne malveillante pourrait exploiter l\u0027une\nd\u0027elles afin d\u0027ex\u00e9cuter, \u00e0 distance, des commandes arbitraires sur la\nmachine vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Macromedia Flash Player pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx"
    }
  ]
}

CERTA-2006-AVI-416

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système, telles que Adobe Flash Player, Safari ou QuickDraw. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante d'élever ses privilèges localement, voire d'exécuter des commandes arbitraires à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système. Parmi celles-ci :

une vulnérabilité dans CFNetwork, une interface de programmation permettant l'abstraction de certaines fonctionnalités des couches réseau : elle ne manipulerait pas correctement les authentifications SSL. Tout client s'appuyant sur elle, comme le navigateur Safari, pourrait donc montrer une connexion SSL authentifiée et chiffrée (icône cadenas dans la fenêtre du navigateur), bien que l'authentification ne soit pas effectuée.
plusieurs vulnérabilités dans l'application Adobe Flash Player, aussi commentées dans l'avis du CERTA CERTA-2006-AVI-398 : celle-ci ne manipulerait pas convenablement certains fichiers multimedia au format .swf, permettant à un document spécialement construit de contourner le paramètre de sécurité nommé allowScriptAccess de l'application vulnérable.
une vulnérabilité dans l'application ImageIO : elle n'interprèterait pas correctement certaines images JPEG2000. Une personne malveillant pourrait construire un document particulier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire lorsque l'image est visualisée sur le système vulnérable.
une vulnérabilité dans la manipulation des erreurs par le noyau de Mac OS X : quand une erreur survient (fermer une application brutalement par exemple), le noyau fait appel à des ports d'exception Mach. Une personne malveillante pourrait profiter des droits accordés à ces derniers pour élever ses privilèges à ceux de l'administrateur (root).
plusieurs vulnérabilités dans l'application LoginWindow : cette application gère notamment les services autorisés aux utilisateurs qui se connecteraient à distance sur le système. Il serait possible pour une personne malveillante de contourner la politique de contrôle d'accès spécifiée dans le système.
une vulnérabilité dans le service Préferences, servant à configurer le système d'exploitation : les privilèges ne seraient pas correctement nettoyés à la suppression d'un compte administrateur.
une vulnérabilité non documentée concernant la manipulation d'images PICT par l'application QuickDraw Manager.
une vulnérabilité dans le service de messagerie Cyrus SASL, au cours de la négaociation DIGEST-MD5 : une personne malveillante pourrait construire un paquet particulier, perturbant le système vulnérable qui le recevrait.
une vulnérabilité de l'utilitaire WebCore : celui-ci est un moteur de rendu HTML pour le système d'exploitation Mac OS X. C'est un des composants primaires repris dans l'utilitaire WebKit. Il ne manipulerait pas correctement certains documents au format HTML, permettant à un utilisateur d'exécuter du code sur le système qui ouvrirait son document construit de manière malveillante.
une vulnérabilité dans le service d'administration Workgroup Manager, qui n'utiliserait pas correctement les mots de passe ShadowHash avec la hiérarchie des domaines de NetInfo.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.4, pour les versions antérieures à 10.4.8.
Apple	N/A	Apple Mac OS X Server version 10.3.9 ;
Apple	N/A	Apple Mac OS X v10.4 , pour les versions antérieures à 10.4.8 ;
Apple	N/A	Apple Mac OS X version 10.3.9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2006-006 du 29 septembre 2006	None	vendor-advisory
Bulletin de sécurité Apple du 29 septembre 2006 :	-	other
Avis du CERTA CERTA-2006-AVI-398, 'Vulnérabilités dans Adobe Flash Player', du 14 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.4, pour les versions ant\u00e9rieures \u00e0 10.4.8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4 , pour les versions ant\u00e9rieures \u00e0 10.4.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me. Parmi celles-ci :\n\n-   une vuln\u00e9rabilit\u00e9 dans CFNetwork, une interface de programmation\n    permettant l\u0027abstraction de certaines fonctionnalit\u00e9s des couches\n    r\u00e9seau : elle ne manipulerait pas correctement les authentifications\n    SSL. Tout client s\u0027appuyant sur elle, comme le navigateur Safari,\n    pourrait donc montrer une connexion SSL authentifi\u00e9e et chiffr\u00e9e\n    (ic\u00f4ne cadenas dans la fen\u00eatre du navigateur), bien que\n    l\u0027authentification ne soit pas effectu\u00e9e.\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application Adobe Flash Player,\n    aussi comment\u00e9es dans l\u0027avis du CERTA CERTA-2006-AVI-398 : celle-ci\n    ne manipulerait pas convenablement certains fichiers multimedia au\n    format .swf, permettant \u00e0 un document sp\u00e9cialement construit de\n    contourner le param\u00e8tre de s\u00e9curit\u00e9 nomm\u00e9 allowScriptAccess de\n    l\u0027application vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027application ImageIO : elle n\u0027interpr\u00e8terait\n    pas correctement certaines images JPEG2000. Une personne malveillant\n    pourrait construire un document particulier exploitant cette\n    vuln\u00e9rabilit\u00e9, afin d\u0027ex\u00e9cuter du code arbitraire lorsque l\u0027image\n    est visualis\u00e9e sur le syst\u00e8me vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans la manipulation des erreurs par le noyau de\n    Mac OS X : quand une erreur survient (fermer une application\n    brutalement par exemple), le noyau fait appel \u00e0 des ports\n    d\u0027exception Mach. Une personne malveillante pourrait profiter des\n    droits accord\u00e9s \u00e0 ces derniers pour \u00e9lever ses privil\u00e8ges \u00e0 ceux de\n    l\u0027administrateur (root).\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application LoginWindow : cette\n    application g\u00e8re notamment les services autoris\u00e9s aux utilisateurs\n    qui se connecteraient \u00e0 distance sur le syst\u00e8me. Il serait possible\n    pour une personne malveillante de contourner la politique de\n    contr\u00f4le d\u0027acc\u00e8s sp\u00e9cifi\u00e9e dans le syst\u00e8me.\n-   une vuln\u00e9rabilit\u00e9 dans le service Pr\u00e9ferences, servant \u00e0 configurer\n    le syst\u00e8me d\u0027exploitation : les privil\u00e8ges ne seraient pas\n    correctement nettoy\u00e9s \u00e0 la suppression d\u0027un compte administrateur.\n-   une vuln\u00e9rabilit\u00e9 non document\u00e9e concernant la manipulation d\u0027images\n    PICT par l\u0027application QuickDraw Manager.\n-   une vuln\u00e9rabilit\u00e9 dans le service de messagerie Cyrus SASL, au cours\n    de la n\u00e9gaociation DIGEST-MD5 : une personne malveillante pourrait\n    construire un paquet particulier, perturbant le syst\u00e8me vuln\u00e9rable\n    qui le recevrait.\n-   une vuln\u00e9rabilit\u00e9 de l\u0027utilitaire WebCore : celui-ci est un moteur\n    de rendu HTML pour le syst\u00e8me d\u0027exploitation Mac OS X. C\u0027est un des\n    composants primaires repris dans l\u0027utilitaire WebKit. Il ne\n    manipulerait pas correctement certains documents au format HTML,\n    permettant \u00e0 un utilisateur d\u0027ex\u00e9cuter du code sur le syst\u00e8me qui\n    ouvrirait son document construit de mani\u00e8re malveillante.\n-   une vuln\u00e9rabilit\u00e9 dans le service d\u0027administration Workgroup\n    Manager, qui n\u0027utiliserait pas correctement les mots de passe\n    ShadowHash avec la hi\u00e9rarchie des domaines de NetInfo.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4395"
    },
    {
      "name": "CVE-2006-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4397"
    },
    {
      "name": "CVE-2006-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4394"
    },
    {
      "name": "CVE-2006-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1721"
    },
    {
      "name": "CVE-2006-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4391"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4390"
    },
    {
      "name": "CVE-2006-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4387"
    },
    {
      "name": "CVE-2006-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4393"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    },
    {
      "name": "CVE-2006-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3946"
    },
    {
      "name": "CVE-2006-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4392"
    },
    {
      "name": "CVE-2006-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4399"
    }
  ],
  "initial_release_date": "2006-10-03T00:00:00",
  "last_revision_date": "2006-10-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 29 septembre 2006 :",
      "url": "http://docs.info.apple.com/article.html?artnum=304460"
    },
    {
      "title": "Avis du CERTA CERTA-2006-AVI-398, \u0027Vuln\u00e9rabilit\u00e9s dans    Adobe Flash Player\u0027, du 14 septembre 2006 :",
      "url": "http://www.certa/ssi.gouv.fr/site/CERTA-2006-AVI-398/"
    }
  ],
  "reference": "CERTA-2006-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me, telles que Adobe Flash Player, Safari ou\nQuickDraw. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante d\u0027\u00e9lever ses privil\u00e8ges localement, voire\nd\u0027ex\u00e9cuter des commandes arbitraires \u00e0 distance.\n",
  "title": "Plusieurs vuln\u00e9rabilit\u00e9s dans Apple Mac OS X et des applications associ\u00e9es",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2006-006 du 29 septembre 2006",
      "url": null
    }
  ]
}

rhsa-2006:0674

Vulnerability from csaf_redhat

Published

2006-09-12 18:52

Modified

2025-11-08 03:23

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) Users of Adobe Flash Player should upgrade to this updated package, which contains version 7.0.68 and is not vulnerable to this issue. Red Hat would like to thank Adobe for notifying us of these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes security issues is now\navailable.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nbrowser plug-in.\n\nSecurity issues were discovered in the Adobe Flash Player. It may be\npossible to execute arbitrary code on a victim\u0027s machine if the victim\nopens a malicious Adobe Flash file.  (CVE-2006-3311, CVE-2006-3587,\nCVE-2006-3588)\n\nUsers of Adobe Flash Player should upgrade to this updated package, which\ncontains version 7.0.68 and is not vulnerable to this issue.\n\nRed Hat would like to thank Adobe for notifying us of these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0674",
        "url": "https://access.redhat.com/errata/RHSA-2006:0674"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "205983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=205983"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0674.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:23:38+00:00",
      "generator": {
        "date": "2025-11-08T03:23:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0674",
      "initial_release_date": "2006-09-12T18:52:00+00:00",
      "revision_history": [
        {
          "date": "2006-09-12T18:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-09-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:23:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-3311",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3587",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in \"multiple improper memory access\" errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3588",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-4640",
      "discovery_date": "2006-09-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2006:0674

Vulnerability from csaf_redhat

Published

2006-09-12 18:52

Modified

2025-11-08 03:23

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes security issues is now\navailable.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nbrowser plug-in.\n\nSecurity issues were discovered in the Adobe Flash Player. It may be\npossible to execute arbitrary code on a victim\u0027s machine if the victim\nopens a malicious Adobe Flash file.  (CVE-2006-3311, CVE-2006-3587,\nCVE-2006-3588)\n\nUsers of Adobe Flash Player should upgrade to this updated package, which\ncontains version 7.0.68 and is not vulnerable to this issue.\n\nRed Hat would like to thank Adobe for notifying us of these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0674",
        "url": "https://access.redhat.com/errata/RHSA-2006:0674"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "205983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=205983"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0674.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:23:38+00:00",
      "generator": {
        "date": "2025-11-08T03:23:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0674",
      "initial_release_date": "2006-09-12T18:52:00+00:00",
      "revision_history": [
        {
          "date": "2006-09-12T18:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-09-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:23:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-3311",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3587",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in \"multiple improper memory access\" errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3588",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-4640",
      "discovery_date": "2006-09-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2006_0674

Vulnerability from csaf_redhat

Published

2006-09-12 18:52

Modified

2024-11-14 10:04

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes security issues is now\navailable.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nbrowser plug-in.\n\nSecurity issues were discovered in the Adobe Flash Player. It may be\npossible to execute arbitrary code on a victim\u0027s machine if the victim\nopens a malicious Adobe Flash file.  (CVE-2006-3311, CVE-2006-3587,\nCVE-2006-3588)\n\nUsers of Adobe Flash Player should upgrade to this updated package, which\ncontains version 7.0.68 and is not vulnerable to this issue.\n\nRed Hat would like to thank Adobe for notifying us of these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0674",
        "url": "https://access.redhat.com/errata/RHSA-2006:0674"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "205983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=205983"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0674.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:04:36+00:00",
      "generator": {
        "date": "2024-11-14T10:04:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2006:0674",
      "initial_release_date": "2006-09-12T18:52:00+00:00",
      "revision_history": [
        {
          "date": "2006-09-12T18:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-09-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:04:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-3311",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618138"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618138",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618138"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3587",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in \"multiple improper memory access\" errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3587"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-3588",
      "discovery_date": "2006-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3588"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2006-4640",
      "discovery_date": "2006-09-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4640"
        }
      ],
      "release_date": "2006-09-12T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-12T18:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0674"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

ghsa-gvvr-v2c3-c74r

Vulnerability from github

Published

2022-05-01 07:07

Modified

2022-05-01 07:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3311"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-12T23:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.",
  "id": "GHSA-gvvr-v2c3-c74r",
  "modified": "2022-05-01T07:07:55Z",
  "published": "2022-05-01T07:07:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3311"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21901"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22054"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22268"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1546"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016829"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/451380"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-3311

Vulnerability from fkie_nvd

Published

2006-09-12 23:07

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
cve@mitre.org	http://secunia.com/advisories/21865	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21901
cve@mitre.org	http://secunia.com/advisories/22054
cve@mitre.org	http://secunia.com/advisories/22187
cve@mitre.org	http://secunia.com/advisories/22268
cve@mitre.org	http://secunia.com/advisories/22882
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200610-02.xml
cve@mitre.org	http://securityreason.com/securityalert/1546
cve@mitre.org	http://securitytracker.com/id?1016829
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb06-11.html	Patch
cve@mitre.org	http://www.computerterrorism.com/research/ct12-09-2006.htm	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/451380	US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0674.html
cve@mitre.org	http://www.securityfocus.com/archive/1/445825/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19980
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3573
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3577
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3852
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4507
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28886
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21865	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21901
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22054
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22268
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22882
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200610-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1546
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016829
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb06-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.computerterrorism.com/research/ct12-09-2006.htm	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/451380	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0674.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/445825/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19980
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3573
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3577
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3852
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4507
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28886
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394

Impacted products

Vendor	Product	Version
adobe	flash_player	*
adobe	flash_player	8
adobe	flash_player	mx_2004
adobe	flex_sdk	1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D18545D-9EE5-4AC5-9A44-0C548AFA691A",
              "versionEndIncluding": "8.0.24.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "33446303-71A3-4676-8D1D-E1E6EEF46BA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF76C783-F118-4421-97D9-836172CE812A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena grande y creada dinamicamente en una pel\u00edcula SWF."
    }
  ],
  "id": "CVE-2006-3311",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-12T23:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22054"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22268"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1546"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016829"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/451380"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/451380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0674.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/445825/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-3311 (GCVE-0-2006-3311)

Vulnerability from cvelistv5

Vulnerability from gsd

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from github

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature