{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:07:18+00:00",
      "generator": {
        "date": "2024-11-14T10:07:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:07:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:18+00:00",
      "generator": {
        "date": "2025-11-21T17:34:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:18+00:00",
      "generator": {
        "date": "2025-11-21T17:34:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player, version 10.0.12.36 et versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player, version 10.0.15.3 pour Linux et versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur multim\u00e9dia Adobe Flash\nPlayer\u00a0:\n\n-   la premi\u00e8re concerne le module Settings Manager. L\u0027exploitation de\n    cette vuln\u00e9rabilit\u00e9 sous forme de d\u00e9tournement de clic\n    (clickjacking) permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable\u00a0;\n-   un d\u00e9faut de validation des donn\u00e9es entr\u00e9es permet \u00e0 un utilisateur\n    malveillant de provoquer un arr\u00eat inopin\u00e9 du lecteur\u00a0;\n-   un probl\u00e8me permet de provoquer un d\u00e9bordement de tampon. Son\n    exploitation pour ex\u00e9cuter du code arbitraire \u00e0 distance serait\n    possible\u00a0;\n-   sur les plateformes Linux, un d\u00e9faut permet \u00e0 un utilisateur\n    malveillant de lire des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   sur les plateformes Windows, la gestion d\u00e9fectueuse du pointeur de\n    souris permet \u00e0 un utilisateur malveillant de r\u00e9aliser du\n    clickjacking. Cette exploitation permet \u00e0 un utilisateur malveillant\n    d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nLa version 10.0.22.87 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2009-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0522"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    }
  ],
  "initial_release_date": "2009-02-25T00:00:00",
  "last_revision_date": "2009-03-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2009:0334 du 25 f\u00e9vrier    2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0334.html"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 du CERTA du 10 octobre 2008, section 3    :",
      "url": "http://www.certa.ssi.gouv.fr//site/CERTA-2008-ACT-041/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2009:0332 du 25 f\u00e9vrier    2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0332.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SuSE-SA:2009:011 du 26 f\u00e9vrier    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00004.html"
    }
  ],
  "reference": "CERTA-2009-AVI-076",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-25T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Red Hat et SuSE.",
      "revision_date": "2009-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur multim\u00e9dia Adobe Flash\nPlayer. Certaines d\u0027entre elles permettent \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s d\u0027Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-01 du 24 f\u00e9vrier 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C",
              "versionEndIncluding": "10.0.15.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE94BCCA-F6B2-48C9-8FBD-36CC3194B00E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Adobe Flash Player 9v.x anteriores a v9.0.159.0 y v10.x anteriores a 10.0.22.87 en Linux que permite a los usuarios locales obtener informaci\u00f3n sensible o obtener privilegios a trav\u00e9s de una librer\u00eda manipulada en un directorio contenido en RPATH."
    }
  ],
  "evaluatorSolution": "http://www.adobe.com/support/security/bulletins/apsb09-01.html\n\n\"This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)\"",
  "id": "CVE-2009-0521",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-26T16:17:19.920",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48904"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6160"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2009-0521",
    "description": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
    "id": "GSD-2009-0521",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0521.html",
      "https://access.redhat.com/errata/RHSA-2009:0332"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0521"
      ],
      "details": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
      "id": "GSD-2009-0521",
      "modified": "2023-12-13T01:19:43.988525Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0521",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://isc.sans.org/diary.html?storyid=5929",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?storyid=5929"
          },
          {
            "name": "oval:org.mitre.oval:def:6160",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6160"
          },
          {
            "name": "RHSA-2009:0332",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
          },
          {
            "name": "34226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "flash-unspecified-information-disclosure(48904)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48904"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
          },
          {
            "name": "ADV-2009-0513",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0513"
          },
          {
            "name": "GLSA-200903-23",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487144",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
          },
          {
            "name": "34012",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34012"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.0.15.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0521"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34012",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34012"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487144",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=5929",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.html?storyid=5929"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
            },
            {
              "name": "RHSA-2009:0332",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
            },
            {
              "name": "ADV-2009-0513",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0513"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "flash-unspecified-information-disclosure(48904)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48904"
            },
            {
              "name": "oval:org.mitre.oval:def:6160",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6160"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:33Z",
      "publishedDate": "2009-02-26T16:17Z"
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2009-0521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-26T16:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
  "id": "GHSA-h35j-98vm-989g",
  "modified": "2022-05-02T03:16:15Z",
  "published": "2022-05-02T03:16:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48904"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6160"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}