CVSS: 9.3EPSS: 64%CPEs: 4EXPL: 0CVE-2009-1862 – Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2009-1862
23 Jul 2009 — Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009. Vulnerabilidad sin especificar en Adobe Reader , Acrobat de la v9.x a la v9.1.2 y Adobe Flash Player v9.x a la v9.0.159.0 y... • http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 39EXPL: 0CVE-2009-0114
https://notcve.org/view.php?id=CVE-2009-0114
26 Feb 2009 — Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." Una vulnerabilidad no especificada en Administrador de configuración de Adobe Flash Player 9.x antes de 9.0.159.0, 10.x antes de 10.0.22.87 y, posiblemente otras versiones, permite a atacantes remotos engañar a un usu... • http://isc.sans.org/diary.html?storyid=5929 •
CVSS: 9.3EPSS: 66%CPEs: 38EXPL: 1CVE-2009-0520 – Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-0520
26 Feb 2009 — Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar ar... • https://www.exploit-db.com/exploits/32811 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 52%CPEs: 38EXPL: 0CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)
https://notcve.org/view.php?id=CVE-2009-0519
26 Feb 2009 — Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fi... • http://isc.sans.org/diary.html?storyid=5929 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 39EXPL: 0CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
26 Feb 2009 — Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relaci... • http://isc.sans.org/diary.html?storyid=5929 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5361
https://notcve.org/view.php?id=CVE-2008-5361
08 Dec 2008 — The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. La máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y en v9.x anteriores a v9.0.151.0, y ... • http://secunia.com/advisories/33390 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5362
https://notcve.org/view.php?id=CVE-2008-5362
08 Dec 2008 — The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. La acción "DefineConstantPool" en la máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, acept... • http://secunia.com/advisories/33390 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2008-5363
https://notcve.org/view.php?id=CVE-2008-5363
08 Dec 2008 — The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. La máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y en v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, n... • http://secunia.com/advisories/33390 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 54%CPEs: 2EXPL: 0CVE-2008-4824
https://notcve.org/view.php?id=CVE-2008-4824
17 Nov 2008 — Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." Múltiples vulnerabilidades no especificadas en Adobe Flash Player 10.x versiones anteriores a v10.0.12.36 y 9.x versiones anteriores a v9.0.151.0 • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0CVE-2008-4821 – jar: protocol handler
https://notcve.org/view.php?id=CVE-2008-4821
10 Nov 2008 — Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player 9.0.124.0 y anteriores, cuando se usa un navegador de Mozilla, no interpreta adecuadamente URLs jar:, lo que permite a atacantes obtener información sensible mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •