{"containers": {"cna": {"affected": [{"product": "Adobe Flash Player", "vendor": "Adobe", "versions": [{"status": "affected", "version": "32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier versions"}]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Use After Free ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-06T13:37:40", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"}, {"name": "GLSA-202006-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202006-09"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Adobe Flash Player", "version": {"version_data": [{"version_value": "32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier versions"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use After Free "}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"}, {"name": "GLSA-202006-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-09"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:34:39.943Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"}, {"name": "GLSA-202006-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202006-09"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-9633", "datePublished": "2020-06-12T13:17:20", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:34:39.943Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C63292D-C07C-4532-BF29-3D294BF50887", "versionEndIncluding": "32.0.0.371", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "039A7D78-45CE-47BF-AEC8-884087EE6E45", "versionEndIncluding": "32.0.0.371", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "matchCriteriaId": "C0D84695-05A2-4DA6-95D0-852538E33EDC", "versionEndIncluding": "32.0.0.330", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*", "matchCriteriaId": "C77C42BD-FD48-4119-AE5D-C6510B1AF32D", "versionEndIncluding": "32.0.0.330", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."}, {"lang": "es", "value": "Adobe Flash Player Desktop Runtime versiones 32.0.0.371 y anteriores, Adobe Flash Player para Google Chrome versiones 32.0.0.371 y anteriores, y Adobe Flash Player para Microsoft Edge y Internet Explorer versiones 32.0.0.330 y anteriores presentan una vulnerabilidad de un uso de la memoria previamente liberada. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2020-9633", "lastModified": "2024-11-21T05:41:00.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-12T14:15:11.450", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202006-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202006-09"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2547", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:32.0.0.387-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2020-06-15T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: Arbitrary Code Execution vulnerability (APSB20-30)", "id": "1845700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845700"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.", "A use-after-free flaw was found in the Adobe Flash Player. This flaw an attacker to perform arbitrary code execution when the Flash player is used to play a specially crafted SWF file. The highest threat from this vulnerability is to confidentiality, integrity and system availability."], "name": "CVE-2020-9633", "public_date": "2020-06-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-9633\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9633\nhttps://helpx.adobe.com/security/products/flash-player/apsb20-30.html"], "threat_severity": "Critical", "upstream_fix": "flash-plugin 32.0.0.387"}