CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •
CVSS: 4.3EPSS: 88%CPEs: 53EXPL: 2CVE-2010-0187 – Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
https://notcve.org/view.php?id=CVE-2010-0187
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. Adobe Flash Player en versiones anteriores a la v10.0.45.2 y Adobe AIR en versiones anteriores a la v1.5.3.9130 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero SWF modificado. • https://www.exploit-db.com/exploits/11182 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://sebug.net/exploit/18967 http://secunia.com/advisories/38547 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.co • CWE-94: Improper Control of Generation of Code ('Code Injection') •