Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-4546 (GCVE-0-2008-4546)
Vulnerability from cvelistv5 – Published: 2008-10-14 15:00 – Updated: 2024-08-07 10:17
VLAI
EPSS
Summary
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public
2008-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:10.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4401",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4401"
},
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40545"
},
{
"name": "RHSA-2010:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "oval:org.mitre.oval:def:7187",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "1024085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"name": "ADV-2010-1434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "adobe-flash-version-dos(45630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"name": "TLSA-2010-19",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"name": "SSRT100179",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "RHSA-2010:0470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "oval:org.mitre.oval:def:16302",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"name": "HPSBMA02547",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "31537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "ADV-2010-1453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4401",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4401"
},
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40545"
},
{
"name": "RHSA-2010:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "oval:org.mitre.oval:def:7187",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "1024085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"name": "ADV-2010-1434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "adobe-flash-version-dos(45630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"name": "TLSA-2010-19",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"name": "SSRT100179",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "RHSA-2010:0470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "oval:org.mitre.oval:def:16302",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"name": "HPSBMA02547",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "31537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "ADV-2010-1453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4401",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4401"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "oval:org.mitre.oval:def:7187",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "adobe-flash-version-dos(45630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "http://www.mochimedia.com/~matthew/flashcrash/",
"refsource": "MISC",
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "oval:org.mitre.oval:def:16302",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "31537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4546",
"datePublished": "2008-10-14T15:00:00.000Z",
"dateReserved": "2008-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:10.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-4546",
"date": "2026-05-27",
"epss": "0.35513",
"percentile": "0.9713"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-4546\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-10-14T15:28:16.723\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, y 10.0.12.10 permite a los servidores web remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y finalizaci\u00f3n de la aplicaci\u00f3n) devolviendo una respuesta inapropiada cuando una solicitud HTTP se env\u00eda por segunda vez, como lo demuestran las respuestas que proporcionan dos ficheros SWF con n\u00fameros de versi\u00f3n SWF diferentes.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"}]}]}],\"references\":[{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32759\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40545\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4401\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1024085\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1024086\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mochimedia.com/~matthew/flashcrash/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0464.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0470.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/496929/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31537\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1421\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1432\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1434\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1453\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1482\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1522\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1793\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45630\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1024085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1024086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mochimedia.com/~matthew/flashcrash/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0464.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0470.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/496929/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2010-AVI-261
Vulnerability from certfr_avis - Published: 2010-06-11 - Updated: 2010-06-11
Plusieurs vulnérabilités dans Adobe Flash Player permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitrarie à distance.
Description
Plusieurs vulnérabilités, dont celle traitée dans le bulletin d'alerte CERTA-2010-ALE-007, ont été corrigées par l'éditeur Adobe. Leur exploitation permet à une personne malveillante de provoquer un déni de service ou d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player 10.0.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, dont celle trait\u00e9e dans le bulletin d\u0027alerte\nCERTA-2010-ALE-007, ont \u00e9t\u00e9 corrig\u00e9es par l\u0027\u00e9diteur Adobe. Leur\nexploitation permet \u00e0 une personne malveillante de provoquer un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
}
],
"initial_release_date": "2010-06-11T00:00:00",
"last_revision_date": "2010-06-11T00:00:00",
"links": [
{
"title": "Bulletin d\u0027alerte CERTA-2010-ALE-007 du 05 juin 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-007"
}
],
"reference": "CERTA-2010-AVI-261",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitrarie \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-14 du 10 juin 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
}
]
}
CERTA-2010-AVI-317
Vulnerability from certfr_avis - Published: 2010-07-16 - Updated: 2010-07-16
De nombreuses vulnérabilités dans des produits HP Insight ont été corrigées, dont certaines permettant l'exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités dans des produits HP Insight ont été corrigées. Elles sont de natures différentes pouvant aller jusqu'à l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | HP Insight Manager 4.x, 5.X et 6.x ; | ||
| N/A | N/A | HP Insight Orchestration 6.x ; | ||
| N/A | N/A | HP Insight Control Suite For Linux(ICE-Linux) 2.x et 6.x. | ||
| N/A | N/A | HP Insight Software Integrated Installer 6.x ; | ||
| N/A | N/A | HP Virtual Connect Enterprise Manager 6.x ; | ||
| N/A | N/A | HP Insight Control 6.x ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Insight Manager 4.x, 5.X et 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Orchestration 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Control Suite For Linux(ICE-Linux) 2.x et 6.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Software Integrated Installer 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Virtual Connect Enterprise Manager 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Control 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans des produits HP Insight ont \u00e9t\u00e9 corrig\u00e9es.\nElles sont de natures diff\u00e9rentes pouvant aller jusqu\u0027\u00e0 l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1129"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2009-1524",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1524"
},
{
"name": "CVE-2010-0090",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0090"
},
{
"name": "CVE-2010-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0840"
},
{
"name": "CVE-2010-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0846"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2008-5110",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5110"
},
{
"name": "CVE-2010-0844",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0844"
},
{
"name": "CVE-2010-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0841"
},
{
"name": "CVE-2010-0845",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0845"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2009-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0692"
},
{
"name": "CVE-2010-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1967"
},
{
"name": "CVE-2010-0089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0089"
},
{
"name": "CVE-2010-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0847"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2010-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1968"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1969"
},
{
"name": "CVE-2010-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0843"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0839"
},
{
"name": "CVE-2010-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0849"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0093"
},
{
"name": "CVE-2010-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0848"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-0092",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0092"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1971"
},
{
"name": "CVE-2007-5497",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5497"
},
{
"name": "CVE-2010-0085",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0085"
},
{
"name": "CVE-2010-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0095"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2010-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1970"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0091"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1965"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0084"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0088"
},
{
"name": "CVE-2010-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0842"
},
{
"name": "CVE-2010-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0837"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0094"
},
{
"name": "CVE-2010-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0082"
},
{
"name": "CVE-2010-0087",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0087"
},
{
"name": "CVE-2007-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2452"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2009-1523",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1523"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"name": "CVE-2010-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0838"
},
{
"name": "CVE-2010-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0850"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
},
{
"name": "CVE-2010-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1966"
}
],
"initial_release_date": "2010-07-16T00:00:00",
"last_revision_date": "2010-07-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02550 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02550"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02551 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02551"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02554 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02554"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02548 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02548"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02549 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02549"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02547 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02547"
}
],
"reference": "CERTA-2010-AVI-317",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s dans des produits HP Insight ont \u00e9t\u00e9\ncorrig\u00e9es, dont certaines permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Insight",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 HP Insight",
"url": null
}
]
}
CERTA-2010-AVI-548
Vulnerability from certfr_avis - Published: 2010-11-12 - Updated: 2010-11-12
De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :
- AFP Server ;
- AppKit ;
- ATS ;
- CFNetwork ;
- CoreGraphics ;
- CoreText ;
- Directory Services ;
- diskdev_cmds ;
- Disk Images ;
- Image Capture ;
- ImageIO ;
- Image RAW ;
- Kernel ;
- Networking ;
- Password Server ;
- Printing ;
- QuickLook ;
- QuickTime ;
- Safari ;
- Time Machine ;
- Wiki Server ;
- xar.
Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, CUPS, Flash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.
Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n- AFP Server ;\n- AppKit ;\n- ATS ;\n- CFNetwork ;\n- CoreGraphics ;\n- CoreText ;\n- Directory Services ;\n- diskdev_cmds ;\n- Disk Images ;\n- Image Capture ;\n- ImageIO ;\n- Image RAW ;\n- Kernel ;\n- Networking ;\n- Password Server ;\n- Printing ;\n- QuickLook ;\n- QuickTime ;\n- Safari ;\n- Time Machine ;\n- Wiki Server ;\n- xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2010-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
},
{
"name": "CVE-2009-4134",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
},
{
"name": "CVE-2010-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
},
{
"name": "CVE-2010-3788",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
},
{
"name": "CVE-2010-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
},
{
"name": "CVE-2010-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
},
{
"name": "CVE-2010-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
},
{
"name": "CVE-2010-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
},
{
"name": "CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"name": "CVE-2010-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
},
{
"name": "CVE-2010-2499",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
},
{
"name": "CVE-2010-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
},
{
"name": "CVE-2010-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2010-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2010-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
},
{
"name": "CVE-2010-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
},
{
"name": "CVE-2010-1845",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
},
{
"name": "CVE-2010-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
},
{
"name": "CVE-2010-3654",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
},
{
"name": "CVE-2010-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
},
{
"name": "CVE-2010-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
},
{
"name": "CVE-2010-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
},
{
"name": "CVE-2010-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
},
{
"name": "CVE-2010-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
},
{
"name": "CVE-2010-1842",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2010-3650",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
},
{
"name": "CVE-2010-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
},
{
"name": "CVE-2010-2497",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
},
{
"name": "CVE-2010-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2009-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
},
{
"name": "CVE-2010-1850",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
},
{
"name": "CVE-2010-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
},
{
"name": "CVE-2010-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-1831",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
},
{
"name": "CVE-2010-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
},
{
"name": "CVE-2010-3790",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
},
{
"name": "CVE-2010-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
},
{
"name": "CVE-2010-1450",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
},
{
"name": "CVE-2010-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
},
{
"name": "CVE-2010-2498",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
},
{
"name": "CVE-2010-4010",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
},
{
"name": "CVE-2010-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
},
{
"name": "CVE-2010-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
},
{
"name": "CVE-2010-1847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
},
{
"name": "CVE-2010-1841",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2010-1828",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
},
{
"name": "CVE-2010-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
},
{
"name": "CVE-2010-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-2941",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-2884",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
},
{
"name": "CVE-2010-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
},
{
"name": "CVE-2010-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
},
{
"name": "CVE-2010-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-1843",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
},
{
"name": "CVE-2010-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
},
{
"name": "CVE-2010-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
},
{
"name": "CVE-2010-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-3787",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
},
{
"name": "CVE-2010-1832",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
},
{
"name": "CVE-2009-0946",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2009-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
},
{
"name": "CVE-2010-3053",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
},
{
"name": "CVE-2010-3789",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
},
{
"name": "CVE-2010-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
},
{
"name": "CVE-2010-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2010-3054",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-3648",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
},
{
"name": "CVE-2010-3791",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
},
{
"name": "CVE-2010-1449",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
},
{
"name": "CVE-2010-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
},
{
"name": "CVE-2010-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
},
{
"name": "CVE-2010-1830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
},
{
"name": "CVE-2010-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
},
{
"name": "CVE-2010-2216",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
},
{
"name": "CVE-2010-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
},
{
"name": "CVE-2009-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
},
{
"name": "CVE-2010-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
},
{
"name": "CVE-2010-2500",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
},
{
"name": "CVE-2010-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
},
{
"name": "CVE-2009-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2010-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
},
{
"name": "CVE-2010-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
},
{
"name": "CVE-2010-3785",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"name": "CVE-2010-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
},
{
"name": "CVE-2010-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
}
],
"initial_release_date": "2010-11-12T00:00:00",
"last_revision_date": "2010-11-12T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-548",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
"url": "http://support.apple.com/kb/HT4435"
}
]
}
FKIE_CVE-2008-4546
Vulnerability from fkie_nvd - Published: 2008-10-14 15:28 - Updated: 2026-04-23 00:35
Severity
Summary
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | flash_player | 9.0.45.0 | |
| adobe | flash_player | 9.0.112.0 | |
| adobe | flash_player | 9.0.115.0 | |
| adobe | flash_player | 10.0.12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
"matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
},
{
"lang": "es",
"value": "Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, y 10.0.12.10 permite a los servidores web remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y finalizaci\u00f3n de la aplicaci\u00f3n) devolviendo una respuesta inapropiada cuando una solicitud HTTP se env\u00eda por segunda vez, como lo demuestran las respuestas que proporcionan dos ficheros SWF con n\u00fameros de versi\u00f3n SWF diferentes."
}
],
"id": "CVE-2008-4546",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-14T15:28:16.723",
"references": [
{
"source": "cve@mitre.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32759"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/40545"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43026"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4401"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1024085"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1024086"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "cve@mitre.org",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5XQH-J4C7-9PG5
Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2025-04-09 03:59
VLAI
Details
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
{
"affected": [],
"aliases": [
"CVE-2008-4546"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-10-14T15:28:00Z",
"severity": "MODERATE"
},
"details": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"id": "GHSA-5xqh-j4c7-9pg5",
"modified": "2025-04-09T03:59:23Z",
"published": "2022-05-02T00:11:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"type": "WEB",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32759"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43026"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/4401"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024085"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024086"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4435"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"type": "WEB",
"url": "http://www.mochimedia.com/~matthew/flashcrash"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"type": "WEB",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0192"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2008-4546
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-4546",
"description": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"id": "GSD-2008-4546",
"references": [
"https://www.suse.com/security/cve/CVE-2008-4546.html",
"https://access.redhat.com/errata/RHSA-2010:0470",
"https://access.redhat.com/errata/RHSA-2010:0464"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-4546"
],
"details": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"id": "GSD-2008-4546",
"modified": "2023-12-13T01:22:59.352866Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4401",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4401"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "oval:org.mitre.oval:def:7187",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "adobe-flash-version-dos(45630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "http://www.mochimedia.com/~matthew/flashcrash/",
"refsource": "MISC",
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "oval:org.mitre.oval:def:16302",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "31537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4546"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mochimedia.com/~matthew/flashcrash/",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.mochimedia.com/~matthew/flashcrash/"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "32759",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "31537",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "4401",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/4401"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"tags": [],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "SSRT100179",
"refsource": "HP",
"tags": [],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "40545",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/40545"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "43026",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "adobe-flash-version-dos(45630)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
},
{
"name": "oval:org.mitre.oval:def:7187",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
},
{
"name": "oval:org.mitre.oval:def:16302",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
},
{
"name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-11T20:52Z",
"publishedDate": "2008-10-14T15:28Z"
}
}
}
RHSA-2010:0464
Vulnerability from csaf_redhat - Published: 2010-06-11 16:32 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: flash-plugin security update
Severity
Critical
Notes
Topic: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
4.3 ()
Affected products
Threats
Impact
Low
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
6.8 ()
Affected products
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
6.8 ()
Affected products
Threats
Impact
Critical
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
6.8 ()
Affected products
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
6.8 ()
Affected products
Threats
Impact
Critical
References
102 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0464",
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0464.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-11-21T17:36:14+00:00",
"generator": {
"date": "2025-11-21T17:36:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0464",
"initial_release_date": "2010-06-11T16:32:00+00:00",
"revision_history": [
{
"date": "2010-06-11T16:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-11T12:32:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:10.1-2.el5.i386",
"product": {
"name": "flash-plugin-0:10.1-2.el5.i386",
"product_id": "flash-plugin-0:10.1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@10.1-2.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
RHSA-2010:0470
Vulnerability from csaf_redhat - Published: 2010-06-14 22:28 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: flash-plugin security update
Severity
Critical
Notes
Topic: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
4.3 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.
4.3 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
104 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0470",
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0470.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-11-21T17:36:14+00:00",
"generator": {
"date": "2025-11-21T17:36:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0470",
"initial_release_date": "2010-06-14T22:28:00+00:00",
"revision_history": [
{
"date": "2010-06-14T22:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-14T18:28:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el3.with.oss?arch=i386"
}
}
},
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2172",
"discovery_date": "2010-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602627"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2172"
},
{
"category": "external",
"summary": "RHBZ#602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…