Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

CVE-2017-7374

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

**Release date:** March 14, 2017

**Last updated:** April 13, 2017

**Vulnerability identifier:** APSB17-07

**Priority:** See table below

**CVE number**: CVE-2017-2994, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

**Platform**: Windows, Macintosh, Linux and Chrome OS

CVE-2017-3000: Adobe Security Bulletin

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

**Release date:** February 14, 2017

**Last updated:** April 13, 2017

**Vulnerability identifier:** APSB17-04

**Priority:** See table below

**CVE number**: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2995, CVE-2017-2996

**Platform**: Windows, Macintosh, Linux and Chrome OS

CVE-2017-2994: Adobe Security Bulletin

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download.
EMET 5.52 is a minor update from EMET 5.51 to address the following:
An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to allow in-place upgrade behavior.

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download.

EMET 5.52 is a minor update from EMET 5.51 to address the following:

*   An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1.
*   A fix to the MSI installer to allow in-place upgrade behavior.
*   Removed EAF+ mitigation for Chrome from “Popular Software.xml”
*   Fixed import behavior for System Mitigations.

EMET 5.52 and the updated user’s guide can be found by following the links on the EMET home page.

EMET 5.52 update is now available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.

**Release date:** January 10, 2017

**Vulnerability identifier:** APSB17-02

**Priority:** See table below

**CVE number**: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938

**Platform:** Windows, Macintosh, Linux and Chrome OS

CVE-2017-2932: Adobe Security Bulletin

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.

**Release date:** December 13, 2016

**Last updated:** December 14, 2016

**Vulnerability identifier:** APSB16-39

**Priority:** See table below

**CVE number**: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892

**Platform:** Windows, Macintosh, Linux and Chrome OS

CVE-2016-7880: Adobe Security Bulletin

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987.

**Release date:** October 11, 2016

**Vulnerability identifier:** APSB16-32

**Priority:** See table below

**CVE number**: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

**Platform:** Windows, Macintosh, Linux and ChromeOS

CVE-2016-6981: Adobe Security Bulletin

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

CVE-2016-5180: Stable Channel Update for Chrome OS

Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.

**Release date:** September 13, 2016

**Last updated:** October 4, 2016

**Vulnerability identifier:** APSB16-29

**Priority:** See table below

**CVE number**: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932

**Platform:** Windows, Macintosh, Linux and ChromeOS

CVE-2016-4287: Adobe Security Bulletin

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.

**Release date:** July 12, 2016

**Last updated:** October 3, 2016

**Vulnerability identifier:** APSB16-25

**Priority:** See table below

**CVE number**: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249, CVE-2016-7020

**Platform:** Windows, Macintosh, Linux and ChromeOS

Tag

#chrome