CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2008-4820
https://notcve.org/view.php?id=CVE-2008-4820
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en el control ActiveX de Flash Player en Adobe Flash Player v9.0.124.0 y anteriores para Windows; permite a los atacantes obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= http://www.adobe.com/support/security/bulletins/apsb08-20.html http://www.securityfocus.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 5%CPEs: 20EXPL: 0CVE-2008-4819 – Flash Player DNS rebind attack
https://notcve.org/view.php?id=CVE-2008-4819
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Vulnerabilidad no específica en Adobe Flash Player v9.0.124.0 y anteriores, facilitan a atacantes remotos conducir ataques de revinvulación DNS, mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2008-4821 – jar: protocol handler
https://notcve.org/view.php?id=CVE-2008-4821
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player 9.0.124.0 y anteriores, cuando se usa un navegador de Mozilla, no interpreta adecuadamente URLs jar:, lo que permite a atacantes obtener información sensible mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 2%CPEs: 20EXPL: 0CVE-2008-4822 – Flash Player policy file interpretation flaw
https://notcve.org/view.php?id=CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. Adobe Flash Player v9.0.124.0 y anteriores no interpretan de forma adecuada los ficheros de políticas, lo que permite a atacantes remotos saltarse la política de dominio “non-root” • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 20EXPL: 0CVE-2008-4401 – flash-plugin: upload/download user interaction
https://notcve.org/view.php?id=CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. ActionScript en Adobe Flash Player 9.0.124.0 y anteriores no requiere interacción del usuario en conjunción con (1) la operación FileReference.browse en la API de subida FileReference upload o (2) la operación FileReference.download en la API de descarga FileReference, lo que permite a atacantes remotos crear un cuadro de diálogo de exploración y ,posiblemente tener otro impacto no especificado, mediante un fichero SWF. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32270 http://secunia.com/advisories/32448 http://secunia.com/advisories/32702 http://secunia.com/advisories/32759 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securitytracker.com/id?1021061 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.avaya.com/elmodocs2/ • CWE-264: Permissions, Privileges, and Access Controls •