CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3641 – flash-plugin: security bulletin APSB10-26
https://notcve.org/view.php?id=CVE-2010-3641
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Vulnerabilidad no especificada en Adobe Flash Player anterior v9.0.289.0 y v10.x anterior v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, permite 00a atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, y CVE-2010-3652. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42183 http://secunia.com/advisories/42926 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http:// •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2010-3636 – flash-plugin: security bulletin APSB10-26
https://notcve.org/view.php?id=CVE-2010-3636
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. Adobe Flash Player anterior v9.0.289.0 y v10.x anterior a v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, no maneja adecuadamente codificaciones no especificadas durante el parseo de los ficheros de políticas de cruce de dominios, lo que permite a servidores web remotos evitar las restricciones de acceso a través de vectores no especificados. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://jvn.jp/en/jp/JVN48425028/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42183 http://secunia.com/advisories/42926 http://secunia.com/advisories • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 14%CPEs: 3EXPL: 0CVE-2010-3637
https://notcve.org/view.php?id=CVE-2010-3637
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. Un control ActiveX no especificados en Adobe Flash Player anterior a versión 9.0.289.0 y versión 10.x anterior a 10.1.102.64 (Flash10h.ocx) en Windows permiten que los atacantes remotos ejecuten códigos arbitrarios o causen una denegación de servicio (corrupción de memoria) por medio de un video FLV creado. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42926 http://www.adobe.com/support/security/bulletins/apsb10-26.html http://www.securityfocus.com/archive/1/514652/100/0/threaded http://www.securityfocus.com/bid/44690 http://www.vupen.com/english/advisories/2010/2903 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 156EXPL: 4CVE-2010-3654 – Adobe Flash Player "Button" Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, Mac OS X, Linux y Solaris y versión 10.1.95.1 en Android, y authplay.dll (también se conoce como AuthPlayLib.bundle o libauthplay.so.0.0.0) en Reader y Acrobat de Adobe versiones 9.x hasta 9.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de contenido SWF diseñado, como se explotó “in the wild” en octubre de 2010. • https://www.exploit-db.com/exploits/17187 https://www.exploit-db.com/exploits/16667 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2010-3975
https://notcve.org/view.php?id=CVE-2010-3975
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Flash Player 9 permite a usuarios locales y posiblemente a atacantes remotos, ejecutar código de su elección y llevar a cabo un ataque de secuestro de DLL a través de un caballo de Troya a schannel.dll que se encuentra en la misma carpeta que el archivo procesado por Flash. • http://www.securityfocus.com/archive/1/513397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12212 •