CVSS: 9.8EPSS: 17%CPEs: 40EXPL: 1CVE-2009-1869 – Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-1869
31 Jul 2009 — Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. Desbordamiento de entero en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR version... • https://www.exploit-db.com/exploits/33134 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 1CVE-2009-1868 – Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1868
31 Jul 2009 — Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de ser... • https://www.exploit-db.com/exploits/33133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1865 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1865
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalizar la aplicación) o posiblemente ejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1870 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1870
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes obtengan información sensible mediante vectores involucrados con el almacenamiento de un fichero SWF en el disco duro... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1866 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1866
31 Jul 2009 — Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de aplicación) o posibl... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
31 Jul 2009 — Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplica... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 39EXPL: 0CVE-2009-0114
https://notcve.org/view.php?id=CVE-2009-0114
26 Feb 2009 — Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." Una vulnerabilidad no especificada en Administrador de configuración de Adobe Flash Player 9.x antes de 9.0.159.0, 10.x antes de 10.0.22.87 y, posiblemente otras versiones, permite a atacantes remotos engañar a un usu... • http://isc.sans.org/diary.html?storyid=5929 •
CVSS: 9.3EPSS: 66%CPEs: 38EXPL: 1CVE-2009-0520 – Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-0520
26 Feb 2009 — Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar ar... • https://www.exploit-db.com/exploits/32811 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 52%CPEs: 38EXPL: 0CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)
https://notcve.org/view.php?id=CVE-2009-0519
26 Feb 2009 — Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fi... • http://isc.sans.org/diary.html?storyid=5929 • CWE-20: Improper Input Validation •