CVE-2010-2215 – flash-plugin: multiple security flaws (APSB10-16)
https://notcve.org/view.php?id=CVE-2010-2215
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue. Adobe Flash Player anterior v9.0.280 y v10.x anterior v10.1.82.76, y Adobe AIR anterior v2.0.3, permite a atacantes engañar a usuarios en (1) la selección de un enlace o (2) completar un diálogo, relacionado con el tema "click-jacking". • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://marc.info/?l=bugtraq&m=128767780602751&w=2 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http://www.adobe.com/support/security/bulletins/apsb10-16.html http://www.securityfocus.com/bid/42361 http://www.securitytracker.com/id?1024621 http://www.vupen.com/english/advisories/2011/0192 https://oval.cisecurity.org/rep •
CVE-2010-2213 – flash-plugin: multiple security flaws (APSB10-16)
https://notcve.org/view.php?id=CVE-2010-2213
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216. Adobe Flash Player anterior v9.0.280 y v10.x anterior v10.1.82.76, y Adobe AIR anterior v2.0.3, permite a atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-0209, CVE-2010-2214, y CVE-2010-2216. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://marc.info/?l=bugtraq&m=128767780602751&w=2 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http://www.adobe.com/support/security/bulletins/apsb10-16.html http://www.securityfocus.com/bid/42364 http://www.securitytracker.com/id?1024621 http://www.vupen.com/english/advisories/2011/0192 https://oval.cisecurity.org/rep • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-2214 – flash-plugin: multiple security flaws (APSB10-16)
https://notcve.org/view.php?id=CVE-2010-2214
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216. Adobe Flash Player anterior a v9.0.280 y v10.x anterior a v10.1.82.76, y Adobe AIR anterior a v2.0.3, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (consumo de memoria) a través de vectores sin especificar, una vulnerabilidad diferente que CVE-2010-0209, CVE-2010-2213, y CVE-2010-2216. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://marc.info/?l=bugtraq&m=128767780602751&w=2 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http://www.adobe.com/support/security/bulletins/apsb10-16.html http://www.securityfocus.com/bid/42358 http://www.securitytracker.com/id?1024621 http://www.vupen.com/english/advisories/2011/0192 https://oval.cisecurity.org/rep • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •
CVE-2010-0187 – Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
https://notcve.org/view.php?id=CVE-2010-0187
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. Adobe Flash Player en versiones anteriores a la v10.0.45.2 y Adobe AIR en versiones anteriores a la v1.5.3.9130 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero SWF modificado. • https://www.exploit-db.com/exploits/11182 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://sebug.net/exploit/18967 http://secunia.com/advisories/38547 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.co • CWE-94: Improper Control of Generation of Code ('Code Injection') •