Vulnerability Summary for the Week of April 11, 2016 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** flash+#layer ,se*after*free vulnerability in -dobe .lash Player 2016-04-08 10.0 CVE-2016-1011 CONFIRM (link before /0.0.0.232 and /4.x through 6/.x before is external) 6/.0.1.2/2 on 7indows and 8' 9 and before //.2.616.6/: on Linu5 allows attac$ers to e5ecute arbitrary code via uns#ecified vectors, a different vulnerability than !"*61/:*/1/2, !"* 61/:*/1/:, !"*61/:*/1/;, and !"*61/:*/12/. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1012 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/161, !"*61/:*/16/, !"*61/:* /166, !"*61/:*/162, !"*61/:*/163, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer ,se*after*free vulnerability in -dobe .lash Player 2016-04-08 10.0 CVE-2016-1013 CONFIRM (link before /0.0.0.232 and /4.x through 6/.x before 6/.0.1.2/2 on 7indows and 8' 9 and before is external) //.2.616.6/: on Linu5 allows attac$ers to e5ecute arbitrary code via uns#ecified vectors, a different vulnerability than !"*61/:*/1//, !"* 61/:*/1/:, !"*61/:*/1/;, and !"*61/:*/12/. adobe ** flash+#layer ,ntrusted search #ath vulnerability in -dobe 2016-04-08 7.2 CVE-2016-1014 CONFIRM (link .lash Player before /0.0.0.332 and /4.x through is external) 6/.x before 6/.1.0.2/2 on 7indows and 8' 9 and before //.2.216.6/: on Linu5 allows local users to gain #rivileges via a Trojan horse resource in an uns#ecified directory. adobe ** flash+#layer ,se*after*free vulnerability in the Transform 2016-04-08 9.3 CVE-2016-1016 CONFIRM (link ob=ect im#lementation in -dobe .lash Player is external) before /0.0.0.232 and /4.x through 6/.x before MISC (link is 6/.0.1.2/2 on 7indows and 8' 9 and before external) //.2.616.6/: on Linu5 allows attac$ers to e5ecute arbitrary code via a flash.geom.Matri5 callbac$, a different vulnerability than !"*61/:* /1//, !"*61/:*/1/2, !"*61/:*/1/;, and !"* 61/:*/12/. adobe ** flash+#layer ,se*after*free vulnerability in the 2016-04-08 9.3 CVE-2016-1017 CONFIRM (link LoadVars.decode function in -dobe .lash Player is external) before /0.0.0.232 and /4.x through 6/.x before MISC (link is 6/.0.1.2/2 on 7indows and 8' 9 and before external) //.2.616.6/: on Linu5 allows attac$ers to e5ecute arbitrary code via uns#ecified vectors, a different vulnerability than !"*61/:*/1//, !"* 61/:*/1/2, !"*61/:*/1/:, and !"*61/:*/12/. adobe ** flash+#layer 'tac$*based buffer overflow in -dobe .lash 2016-04-08 9.3 CVE-2016-1018 CONFIRM (link Player before /0.0.0.332 and /4.x through 6/.x is external) before 6/.0.0.6/2 on 7indows and 8' 9 and MISC (link is before //.2.216.6/: on Linu5 allows attac$ers to external) e5ecute arbitrary code via crafted >P"?*9@ data. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1020 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/16/, !"*61/:* /166, !"*61/:*/162, !"*61/:*/163, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1021 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /166, !"*61/:*/162, !"*61/:*/163, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1022 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/162, !"*61/:*/163, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1023 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/163, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1024 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1025 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/163, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1026 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/163, !"*61/:*/16<, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1027 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/163, !"*61/:*/16<, !"*61/:*/16:, !"*61/:*/160, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1028 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/163, !"*61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/164, !"*61/:*/126, and !"*61/:*/122. adobe ** flash+#layer -dobe .lash Player before /0.0.0.232 and /4.x 2016-04-08 10.0 CVE-2016-1029 CONFIRM (link through 6/.x before 6/.0.0.2/2 on 7indows and is external) 8' 9 and before //.2.216.6/: on Linu5 allows attac$ers to e5ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*61/:*/1/6, !"*61/:*/161, !"*61/:* /16/, !"*61/:*/166, !"*61/:*/162, !"* 61/:*/163, !"*61/:*/16<, !"*61/:*/16:, !"*61/:*/16;, !"*61/:*/160, !"*61/:*/126, and !"*61/:*/122.