
CVE-2009-0520 – Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-0520
26 Feb 2009 — Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." • https://www.exploit-db.com/exploits/32811 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)
https://notcve.org/view.php?id=CVE-2009-0519
26 Feb 2009 — Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. • http://isc.sans.org/diary.html?storyid=5929 • CWE-20: Improper Input Validation

CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
26 Feb 2009 — Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." • http://isc.sans.org/diary.html?storyid=5929

CVE-2008-4821 – jar: protocol handler
https://notcve.org/view.php?id=CVE-2008-4821
10 Nov 2008 — Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2008-4822 – Flash Player policy file interpretation flaw
https://notcve.org/view.php?id=CVE-2008-4822
10 Nov 2008 — Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-4818 – Flash Player XSS
https://notcve.org/view.php?id=CVE-2008-4818
10 Nov 2008 — Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-4820
https://notcve.org/view.php?id=CVE-2008-4820
10 Nov 2008 — Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2008-4823 – Flash Player HTML injection flaw
https://notcve.org/view.php?id=CVE-2008-4823
10 Nov 2008 — Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-4819 – Flash Player DNS rebind attack
https://notcve.org/view.php?id=CVE-2008-4819
10 Nov 2008 — Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html

CVE-2008-4401 – flash-plugin: upload/download user interaction
https://notcve.org/view.php?id=CVE-2008-4401
17 Oct 2008 — ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls