CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1863 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1863
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." Vulnerabilidad no especificada en Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados, relacionados con una vulnerabilidad de escalada de privilegios. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 47%CPEs: 40EXPL: 1CVE-2009-1869 – Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-1869
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. Desbordamiento de entero en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • https://www.exploit-db.com/exploits/33134 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56777 http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security. • CWE-189: Numeric Errors •
CVSS: 5.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56775 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relacionada con un "ataque de Clickjacking ". • http://isc.sans.org/diary.html?storyid=5929 http://secunia.com/advisories/34012 http://securitytracker.com/id?1021752 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.vupen.com/english/advisories/2009/0513 https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 •
CVSS: 9.3EPSS: 25%CPEs: 38EXPL: 0CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)
https://notcve.org/view.php?id=CVE-2009-0519
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fichero Shockwave Flash (también conocido como .swf). • http://isc.sans.org/diary.html?storyid=5929 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909& • CWE-20: Improper Input Validation •