CVSS: 10.0EPSS: 97%CPEs: 97EXPL: 1CVE-2011-2110 – Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution
https://notcve.org/view.php?id=CVE-2011-2110
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011. Adobe Flash Player anterior a v10.3.181.26 en Windows, Mac OS X, Linux, y Solaris, y v10.3.185.23 y anteriores sobre Android, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, como se explotó en Junio 2011. • https://www.exploit-db.com/exploits/19295 http://secunia.com/advisories/44924 http://secunia.com/advisories/44941 http://secunia.com/advisories/44950 http://secunia.com/advisories/44964 http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-18.html http://www.redhat.com/support/errata/RHSA-2011-0869.html http://www.securitytracker.com/id?1025651 http://www.us-cert.gov/cas/techalerts/TA11-166A.html https://exchange.xforce.ibmcloud.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0CVE-2011-2107 – flash-plugin: Cross-site scripting vulnerability (APSB11-13)
https://notcve.org/view.php?id=CVE-2011-2107
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player anteriores a v10.3.181.22 en Windows, Mac OS X, Linux, y Solaris, y v10.3.185.22 y anteriores en Android, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos, relacionado con "vulnerabilidad universal de ejecución de comandos en sitios cruzados". • http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html http://secunia.com/advisories/44846 http://secunia.com/advisories/44847 http://secunia.com/advisories/44871 http://secunia.com/advisories/44872 http://secunia.com/advisories/44946 http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-13.html http://www.blackberry.com/btsc/KB27240 http://www.redhat.com/support/errata/RHSA-2011-0850.html http://www.securityfocus.com/bid&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 23EXPL: 0CVE-2010-4785
https://notcve.org/view.php?id=CVE-2010-4785
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID. La función do_extendedOp en ibmslapd en IBM Tivoli Directory Server (TDS) v6.0 anterior a v6.0.0.62 (también conocida como 6.0.0.8-ITV-ITDS-IF0004) en Linux, Solaris y Windows permite a usuarios remotos autenticados causar una denegación de servicio (ABEND) a través de una operación extentida sobre una petición LDAP mal construida que activa ciertas comparaciones que implican la operación NULL OID. • http://www.ibm.com/support/docview.wss?uid=swg1IO11814 http://www.ibm.com/support/docview.wss?uid=swg24029672 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3647 – flash-plugin: security bulletin APSB10-26
https://notcve.org/view.php?id=CVE-2010-3647
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Vulnerabilidad no especificada en Adobe Flash Player anterior a v9.0.289.0 y v10.x anterior a v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad diferente que CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, y CVE-2010-3652. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42183 http://secunia.com/advisories/42926 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http:// •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3646 – flash-plugin: security bulletin APSB10-26
https://notcve.org/view.php?id=CVE-2010-3646
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Vulnerabilidad no especificada en Adobe Flash Player en versiones anteriores a la 9.0.289.0 y 10.x en versiones anteriores a la 10.1.102.64 en Windows, Mac OS X, Linux y Solaris, y 10.1.95.1 en Android, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650 y CVE-2010-3652. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42183 http://secunia.com/advisories/42926 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http:// •