cvelistv5 - cve-2018-4871

CVE-2018-4871 (GCVE-0-2018-4871)

Vulnerability from cvelistv5 – Published: 2018-01-09 21:00 – Updated: 2024-08-05 05:18

Summary

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Severity ?

No CVSS data available.

CWE

Out-of-bounds Read

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0081	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/102465	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040155	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Adobe Flash Player before 28.0.0.137	Affected: Adobe Flash Player before 28.0.0.137

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
          },
          {
            "name": "RHSA-2018:0081",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0081"
          },
          {
            "name": "102465",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102465"
          },
          {
            "name": "1040155",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player before 28.0.0.137",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player before 28.0.0.137"
            }
          ]
        }
      ],
      "datePublic": "2018-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-11T10:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
        },
        {
          "name": "RHSA-2018:0081",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        },
        {
          "name": "102465",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102465"
        },
        {
          "name": "1040155",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player before 28.0.0.137",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player before 28.0.0.137"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
            },
            {
              "name": "RHSA-2018:0081",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0081"
            },
            {
              "name": "102465",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102465"
            },
            {
              "name": "1040155",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2018-4871",
    "datePublished": "2018-01-09T21:00:00",
    "dateReserved": "2018-01-03T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndIncluding\": \"28.0.0.126\", \"matchCriteriaId\": \"C5F9F7A5-FB23-47C9-AB77-D51C60487261\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndIncluding\": \"28.0.0.126\", \"matchCriteriaId\": \"6340361C-3057-4462-8CD8-5488B4EBBDB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*\", \"versionEndIncluding\": \"28.0.0.126\", \"matchCriteriaId\": \"DAB92E1E-55FF-45B8-A0F3-6F50C5A334D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"28.0.0.126\", \"matchCriteriaId\": \"FB72C439-6671-4EE0-ABAC-5D1F46686803\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema de lectura fuera de l\\u00edmites en Adobe Flash Player en versiones anteriores a la 28.0.0.137. La vulnerabilidad ocurre debido a un c\\u00e1lculo que lee datos m\\u00e1s all\\u00e1 del final del b\\u00fafer objetivo. El uso de un desplazamiento de punteros inv\\u00e1lido (fuera de rango) durante el acceso a los campos de la estructura de datos interna provoca esta vulnerabilidad. Un ataque con \\u00e9xito podr\\u00eda conducir a la exposici\\u00f3n de datos sensibles.\"}]",
      "id": "CVE-2018-4871",
      "lastModified": "2024-11-21T04:07:36.950",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-09T21:29:00.547",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102465\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040155\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0081\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102465\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4871\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2018-01-09T21:29:00.547\",\"lastModified\":\"2024-11-21T04:07:36.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema de lectura fuera de l\u00edmites en Adobe Flash Player en versiones anteriores a la 28.0.0.137. La vulnerabilidad ocurre debido a un c\u00e1lculo que lee datos m\u00e1s all\u00e1 del final del b\u00fafer objetivo. El uso de un desplazamiento de punteros inv\u00e1lido (fuera de rango) durante el acceso a los campos de la estructura de datos interna provoca esta vulnerabilidad. Un ataque con \u00e9xito podr\u00eda conducir a la exposici\u00f3n de datos sensibles.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"28.0.0.126\",\"matchCriteriaId\":\"C5F9F7A5-FB23-47C9-AB77-D51C60487261\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"28.0.0.126\",\"matchCriteriaId\":\"6340361C-3057-4462-8CD8-5488B4EBBDB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*\",\"versionEndIncluding\":\"28.0.0.126\",\"matchCriteriaId\":\"DAB92E1E-55FF-45B8-A0F3-6F50C5A334D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"28.0.0.126\",\"matchCriteriaId\":\"FB72C439-6671-4EE0-ABAC-5D1F46686803\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102465\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040155\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0081\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Adobe Flash Player. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 28.0.0.137 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 28.0.0.137 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.137 pour Windows et Macintosh
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.137 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-01 du 9 janvier 2018	None	vendor-advisory
Bulletin de sécurité Adobe APSB18-01 du 10 janvier 2018	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 28.0.0.137 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 28.0.0.137 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.137 pour Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.137 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-01 du 10 janvier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
    }
  ],
  "reference": "CERTFR-2018-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash Player. Elle permet\n\u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-01 du 9 janvier 2018",
      "url": null
    }
  ]
}

CERTFR-2018-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Adobe Flash Player. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 28.0.0.137 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 28.0.0.137 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.137 pour Windows et Macintosh
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.137 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-01 du 9 janvier 2018	None	vendor-advisory
Bulletin de sécurité Adobe APSB18-01 du 10 janvier 2018	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 28.0.0.137 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 28.0.0.137 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.137 pour Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.137 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-01 du 10 janvier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
    }
  ],
  "reference": "CERTFR-2018-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash Player. Elle permet\n\u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-01 du 9 janvier 2018",
      "url": null
    }
  ]
}

RHSA-2018_0081

Vulnerability from csaf_redhat - Published: 2018-01-10 20:56 - Updated: 2024-11-15 02:06

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix(es): * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0081",
        "url": "https://access.redhat.com/errata/RHSA-2018:0081"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
      },
      {
        "category": "external",
        "summary": "1525508",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
      },
      {
        "category": "external",
        "summary": "1532810",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0081.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-15T02:06:10+00:00",
      "generator": {
        "date": "2024-11-15T02:06:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:0081",
      "initial_release_date": "2018-01-10T20:56:19+00:00",
      "revision_history": [
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T02:06:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.137-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11305",
      "discovery_date": "2017-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525508"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525508",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
        }
      ],
      "release_date": "2017-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)"
    },
    {
      "cve": "CVE-2018-4871",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1532810"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "RHBZ#1532810",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
        }
      ],
      "release_date": "2018-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)"
    }
  ]
}

RHSA-2018:0081

Vulnerability from csaf_redhat - Published: 2018-01-10 20:56 - Updated: 2025-11-21 18:03

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0081",
        "url": "https://access.redhat.com/errata/RHSA-2018:0081"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
      },
      {
        "category": "external",
        "summary": "1525508",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
      },
      {
        "category": "external",
        "summary": "1532810",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0081.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:03:26+00:00",
      "generator": {
        "date": "2025-11-21T18:03:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:0081",
      "initial_release_date": "2018-01-10T20:56:19+00:00",
      "revision_history": [
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:03:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.137-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11305",
      "discovery_date": "2017-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525508"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525508",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
        }
      ],
      "release_date": "2017-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)"
    },
    {
      "cve": "CVE-2018-4871",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1532810"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "RHBZ#1532810",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
        }
      ],
      "release_date": "2018-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)"
    }
  ]
}

GHSA-JHFM-PRJW-6726

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-09T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
  "id": "GHSA-jhfm-prjw-6726",
  "modified": "2022-05-13T01:06:32Z",
  "published": "2022-05-13T01:06:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102465"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-4871

Vulnerability from fkie_nvd - Published: 2018-01-09 21:29 - Updated: 2024-11-21 04:07

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/102465	Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1040155	Third Party Advisory, VDB Entry
psirt@adobe.com	https://access.redhat.com/errata/RHSA-2018:0081	Third Party Advisory, VDB Entry
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb18-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102465	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040155	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0081	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb18-01.html	Vendor Advisory

Impacted products

Vendor	Product	Version
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
adobe	flash_player	*
apple	macos	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_8.1	-
adobe	flash_player	*
apple	macos	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "C5F9F7A5-FB23-47C9-AB77-D51C60487261",
              "versionEndIncluding": "28.0.0.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "6340361C-3057-4462-8CD8-5488B4EBBDB9",
              "versionEndIncluding": "28.0.0.126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
              "matchCriteriaId": "DAB92E1E-55FF-45B8-A0F3-6F50C5A334D8",
              "versionEndIncluding": "28.0.0.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB72C439-6671-4EE0-ABAC-5D1F46686803",
              "versionEndIncluding": "28.0.0.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de lectura fuera de l\u00edmites en Adobe Flash Player en versiones anteriores a la 28.0.0.137. La vulnerabilidad ocurre debido a un c\u00e1lculo que lee datos m\u00e1s all\u00e1 del final del b\u00fafer objetivo. El uso de un desplazamiento de punteros inv\u00e1lido (fuera de rango) durante el acceso a los campos de la estructura de datos interna provoca esta vulnerabilidad. Un ataque con \u00e9xito podr\u00eda conducir a la exposici\u00f3n de datos sensibles."
    }
  ],
  "id": "CVE-2018-4871",
  "lastModified": "2024-11-21T04:07:36.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-09T21:29:00.547",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102465"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040155"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-02210

Vulnerability from cnvd - Published: 2018-01-30

Title

Adobe Flash Player越边界读取漏洞（CNVD-2018-02210）

Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在越边界读取漏洞。攻击者可利用该漏洞获取敏感数据。

Severity

中

Patch Name

Adobe Flash Player越边界读取漏洞（CNVD-2018-02210）的补丁

Patch Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在越边界读取漏洞。攻击者可利用该漏洞获取敏感数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpx.adobe.com/security/products/flash-player/apsb18-01.html

Reference

https://www.securityfocus.com/bid/102465

Impacted products

Name
Adobe Flash Player <28.0.0.137

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102465"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4871"
    }
  },
  "description": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002",
  "discovererName": "Anonymously reported via Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02210",
  "openTime": "2018-01-30",
  "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2018-02210\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Flash Player \u003c28.0.0.137"
  },
  "referenceLink": "https://www.securityfocus.com/bid/102465",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-10",
  "title": "Adobe Flash Player\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2018-02210\uff09"
}

GSD-2018-4871

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4871

Aliases

CVE-2018-4871

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4871",
    "description": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
    "id": "GSD-2018-4871",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:0081",
      "https://advisories.mageia.org/CVE-2018-4871.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4871"
      ],
      "details": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
      "id": "GSD-2018-4871",
      "modified": "2023-12-13T01:22:28.395120Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2018-4871",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Flash Player before 28.0.0.137",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Flash Player before 28.0.0.137"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
          },
          {
            "name": "RHSA-2018:0081",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0081"
          },
          {
            "name": "102465",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102465"
          },
          {
            "name": "1040155",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040155"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "28.0.0.126",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "28.0.0.126",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "28.0.0.126",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "28.0.0.126",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4871"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
            },
            {
              "name": "RHSA-2018:0081",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0081"
            },
            {
              "name": "1040155",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040155"
            },
            {
              "name": "102465",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102465"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-09-08T17:21Z",
      "publishedDate": "2018-01-09T21:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4871 (GCVE-0-2018-4871)

Solution

Solution

Tags

Sightings

Nomenclature