{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "1036117", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036117"}, {"name": "MS16-083", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"}, {"name": "openSUSE-SU-2016:1625", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"}, {"name": "RHSA-2016:1238", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1238"}, {"name": "openSUSE-SU-2016:1621", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"}, {"name": "SUSE-SU-2016:1613", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-4149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036117", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036117"}, {"name": "MS16-083", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"}, {"name": "openSUSE-SU-2016:1625", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"}, {"name": "RHSA-2016:1238", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1238"}, {"name": "openSUSE-SU-2016:1621", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"}, {"name": "SUSE-SU-2016:1613", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:17:31.273Z"}, "title": "CVE Program Container", "references": [{"name": "1036117", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036117"}, {"name": "MS16-083", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"}, {"name": "openSUSE-SU-2016:1625", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"}, {"name": "RHSA-2016:1238", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1238"}, {"name": "openSUSE-SU-2016:1621", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"}, {"name": "SUSE-SU-2016:1613", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-4149", "datePublished": "2016-06-16T14:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:17:31.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC2F8B78-73CC-44EC-BACF-A2878252992B", "versionEndIncluding": "21.0.0.242", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "363B5A6C-BEE3-4141-8CDD-C1EA06FAD441", "versionEndIncluding": "11.2.202.621", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*", "matchCriteriaId": "80E80DEC-4724-49F4-BD19-4687A83CA56E", "versionEndIncluding": "18.0.0.352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "matchCriteriaId": "E51D60E3-00C6-459E-B2B9-CA7E25D02FDA", "versionEndIncluding": "21.0.0.242", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*", "matchCriteriaId": "AEBB9124-E2D5-435E-A59A-9B250374ABD6", "versionEndIncluding": "21.0.0.242", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "39AF0D5D-0C43-4290-B815-19DB07A2FC1A", "versionEndIncluding": "21.0.0.242", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librer\u00edas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083."}], "id": "CVE-2016-4149", "lastModified": "2023-01-30T18:14:37.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-16T14:59:31.407", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036117"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1238"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:1238", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:11.2.202.626-1.el5_11", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-06-17T00:00:00Z"}, {"advisory": "RHSA-2016:1238", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:11.2.202.626-1.el6_8", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-06-17T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: multiple code execution issues fixed in APSB16-18", "id": "1346665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346665"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."], "name": "CVE-2016-4149", "public_date": "2016-06-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4149\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4149\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-03.html\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-18.html"], "threat_severity": "Critical", "upstream_fix": "flash-plugin 11.2.202.626"}