CVSS: 9.8EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3796 – flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
https://notcve.org/view.php?id=CVE-2009-3796
10 Dec 2009 — Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 podría permitir a atacantes ejecutar código arbitrario a través de vectores sin especificar, relacionado con la "vulnerabilidad de inyección de datos". • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 48EXPL: 0CVE-2009-3951
https://notcve.org/view.php?id=CVE-2009-3951
10 Dec 2009 — Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. Vulnerabilidad sin especificar en el control ActiveX de Flash Player en Adobe Flash Player en versiones anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 en Windows permite a atacantes remotos obtener los ... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3800 – flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
https://notcve.org/view.php?id=CVE-2009-3800
10 Dec 2009 — Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html •
CVSS: 9.3EPSS: 89%CPEs: 46EXPL: 0CVE-2009-3794 – Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3794
09 Dec 2009 — Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. Desbordamiento del búfer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de las dimensiones manipuladas de datos JPEG en un fichero SWF. This vulnerability allows remote attackers to execute arbitrary code on v... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 46%CPEs: 46EXPL: 0CVE-2009-3799 – Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3799
09 Dec 2009 — Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." Desbordamiento de entero en la funcion Verifier::parseExceptionHandlers en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecut... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1863 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1863
31 Jul 2009 — Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." Vulnerabilidad no especificada en Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicaci... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 17%CPEs: 40EXPL: 1CVE-2009-1869 – Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-1869
31 Jul 2009 — Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. Desbordamiento de entero en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR version... • https://www.exploit-db.com/exploits/33134 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 1CVE-2009-1868 – Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1868
31 Jul 2009 — Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de ser... • https://www.exploit-db.com/exploits/33133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1865 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1865
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalizar la aplicación) o posiblemente ejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html •