CVE-2009-3793 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2009-3793
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, permite a los atacantes provocar una denegación de servicio (consumo de memoria) o puede que ejecutar código de su elección a través de vectores desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-399: Resource Management Errors •
CVE-2010-2166 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2166
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. Adobe Flash Player v9.0.277.0 y v10.x antes de v10.1.53.64, y Adobe AIR antes de v2.0.2.12610, permiten a atacantes provocar una denegación de servicio (mediante corrupción de memoria) o posiblemente ejecutar código arbitrario a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE -2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010 -2182, CVE-2010-2184, CVE-2010-2187, y CVE-2010-2188. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2171 – Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2171
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, permite a atacantes provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, y CVE-2010-2188. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2185 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2185
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búffer basado en pila en Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, podría permitir a atacantes ejecutar código de su elección a través de vectores sin especificar. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2162 – Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2162
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms. Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, permite a los atacantes causar una denegación de servicio (corrupción de la memoria dinámica) o la posible ejecución de código a su elección a través de vectores no especificados. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing embedded MP4 files. When handling the STSC, STSZ, and STCO atoms the player can be made to improperly calculate length values later used as size parameters during memory copy operations. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •