Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-1297 (GCVE-0-2010-1297)
Vulnerability from cvelistv5
Published
2010-06-08 18:00
Modified
2025-10-22 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
References
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog
Date added: 2022-06-08
Due date: 2022-06-22
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-1297
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1636",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"name": "ADV-2010-1349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40545"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"name": "RHSA-2010:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"name": "VU#486225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024057"
},
{
"name": "1024086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "40034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40034"
},
{
"name": "ADV-2010-1434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "40586",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40586"
},
{
"name": "TLSA-2010-19",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "1024058",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024058"
},
{
"name": "ADV-2010-1348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"name": "13787",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "TA10-159A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"name": "40144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "40026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40026"
},
{
"name": "adobe-authplay-code-execution(59137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"name": "HPSBMA02547",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "oval:org.mitre.oval:def:7116",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"name": "65141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65141"
},
{
"name": "ADV-2010-1453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2010-1297",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:41:22.159578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:52.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-08T00:00:00+00:00",
"value": "CVE-2010-1297 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2010-1636",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"name": "ADV-2010-1349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40545"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"name": "RHSA-2010:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"name": "VU#486225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024057"
},
{
"name": "1024086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "40034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40034"
},
{
"name": "ADV-2010-1434",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "40586",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40586"
},
{
"name": "TLSA-2010-19",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "1024058",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024058"
},
{
"name": "ADV-2010-1348",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"name": "13787",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "TA10-159A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"name": "40144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "40026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40026"
},
{
"name": "adobe-authplay-code-execution(59137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"name": "HPSBMA02547",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "oval:org.mitre.oval:def:7116",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"name": "65141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65141"
},
{
"name": "ADV-2010-1453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx",
"refsource": "MISC",
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"name": "ADV-2010-1349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/",
"refsource": "MISC",
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"name": "VU#486225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024057"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "40034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40034"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "40586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40586"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "1024058",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024058"
},
{
"name": "ADV-2010-1348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"name": "13787",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "TA10-159A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"name": "40144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "40026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40026"
},
{
"name": "adobe-authplay-code-execution(59137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "oval:org.mitre.oval:def:7116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"name": "65141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65141"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-1297",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-04-06T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:52.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2010-1297",
"cwes": "[\"CWE-787\"]",
"dateAdded": "2022-06-08",
"dueDate": "2022-06-22",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"product": "Flash Player",
"requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"shortDescription": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-1297\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-06-08T18:30:10.007\",\"lastModified\":\"2025-10-22T01:15:36.323\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de contenido SWF manipulado, se explota activamente desde Junio de 2010.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-06-08\",\"cisaActionDue\":\"2022-06-22\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Adobe Flash Player Memory Corruption Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.2.12610\",\"matchCriteriaId\":\"A520EA13-9274-4E10-84B5-1F1FD9E5CE86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.277.0\",\"matchCriteriaId\":\"20C3001C-53F0-4C18-9CC8-89BDF8C6087D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.1.53.64\",\"matchCriteriaId\":\"2AA8832A-7A0F-4823-9038-B9FD37506911\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.2.3\",\"matchCriteriaId\":\"3BEBBDB0-9D07-434D-A30D-D21AE17D6CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"5291AD2C-5AC9-4F31-8FC7-D0F117A91099\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.2\",\"matchCriteriaId\":\"9B9D5815-B269-4E63-8F37-E064B49EBF71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1193A7E6-DCB4-4E79-A509-1D6948153A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1608E282-2E96-4447-848D-DBE915DB0EF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4500161F-13A0-4369-B93A-778B34E7F005\"}]}]}],\"references\":[{\"url\":\"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/40026\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40034\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40144\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/40545\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024057\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024058\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024085\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024086\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa10-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-15.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.exploit-db.com/exploits/13787\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/486225\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/65141\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0464.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0470.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/40586\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/40759\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-159A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1348\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1349\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1421\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1432\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1434\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1453\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1482\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1522\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1636\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1793\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59137\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/40026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/40545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1024086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa10-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-15.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.exploit-db.com/exploits/13787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/486225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/65141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0464.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0470.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/40586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/40759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-159A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1349\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"n/a\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-06-04T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2017-09-18T12:57:01.000Z\", \"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\"}, \"references\": [{\"name\": \"ADV-2010-1636\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1636\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\"}, {\"name\": \"ADV-2010-1349\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1349\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-15.html\"}, {\"name\": \"ADV-2011-0192\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2011/0192\"}, {\"name\": \"ADV-2010-1421\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1421\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://support.apple.com/kb/HT4435\"}, {\"name\": \"40545\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/40545\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\"}, {\"name\": \"RHSA-2010:0464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0464.html\"}, {\"name\": \"ADV-2010-1793\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1793\"}, {\"name\": \"43026\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/43026\"}, {\"name\": \"ADV-2010-1432\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1432\"}, {\"name\": \"GLSA-201101-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"http://security.gentoo.org/glsa/glsa-201101-09.xml\"}, {\"name\": \"TA10-162A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.adobe.com/support/security/advisories/apsa10-01.html\"}, {\"name\": \"VU#486225\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"], \"url\": \"http://www.kb.cert.org/vuls/id/486225\"}, {\"name\": \"APPLE-SA-2010-11-10-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_APPLE\"], \"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\"}, {\"name\": \"40759\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/40759\"}, {\"name\": \"1024085\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://securitytracker.com/id?1024085\"}, {\"name\": \"SUSE-SR:2010:013\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"], \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\"}, {\"name\": \"1024057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://securitytracker.com/id?1024057\"}, {\"name\": \"1024086\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://securitytracker.com/id?1024086\"}, {\"name\": \"40034\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/40034\"}, {\"name\": \"ADV-2010-1434\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1434\"}, {\"name\": \"40586\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/40586\"}, {\"name\": \"TLSA-2010-19\", \"tags\": [\"vendor-advisory\", \"x_refsource_TURBO\"], \"url\": \"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\"}, {\"name\": \"SSRT100179\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"], \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"SUSE-SA:2010:024\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"], \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\"}, {\"name\": \"1024058\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://securitytracker.com/id?1024058\"}, {\"name\": \"ADV-2010-1348\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1348\"}, {\"name\": \"13787\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"], \"url\": \"http://www.exploit-db.com/exploits/13787\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\"}, {\"name\": \"TA10-159A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-159A.html\"}, {\"name\": \"40144\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/40144\"}, {\"name\": \"RHSA-2010:0470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0470.html\"}, {\"name\": \"ADV-2010-1482\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1482\"}, {\"name\": \"40026\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/40026\"}, {\"name\": \"adobe-authplay-code-execution(59137)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/59137\"}, {\"name\": \"HPSBMA02547\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"], \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"ADV-2010-1522\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1522\"}, {\"name\": \"oval:org.mitre.oval:def:7116\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116\"}, {\"name\": \"65141\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"], \"url\": \"http://www.osvdb.org/65141\"}, {\"name\": \"ADV-2010-1453\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1453\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@adobe.com\", \"ID\": \"CVE-2010-1297\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"n/a\", \"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"ADV-2010-1636\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1636\"}, {\"name\": \"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\", \"refsource\": \"MISC\", \"url\": \"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\"}, {\"name\": \"ADV-2010-1349\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1349\"}, {\"name\": \"http://www.adobe.com/support/security/bulletins/apsb10-15.html\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-15.html\"}, {\"name\": \"ADV-2011-0192\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2011/0192\"}, {\"name\": \"ADV-2010-1421\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1421\"}, {\"name\": \"http://support.apple.com/kb/HT4435\", \"refsource\": \"CONFIRM\", \"url\": \"http://support.apple.com/kb/HT4435\"}, {\"name\": \"40545\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/40545\"}, {\"name\": \"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\", \"refsource\": \"MISC\", \"url\": \"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\"}, {\"name\": \"RHSA-2010:0464\", \"refsource\": \"REDHAT\", \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0464.html\"}, {\"name\": \"ADV-2010-1793\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1793\"}, {\"name\": \"43026\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/43026\"}, {\"name\": \"ADV-2010-1432\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1432\"}, {\"name\": \"GLSA-201101-09\", \"refsource\": \"GENTOO\", \"url\": \"http://security.gentoo.org/glsa/glsa-201101-09.xml\"}, {\"name\": \"TA10-162A\", \"refsource\": \"CERT\", \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\"}, {\"name\": \"http://www.adobe.com/support/security/advisories/apsa10-01.html\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.adobe.com/support/security/advisories/apsa10-01.html\"}, {\"name\": \"VU#486225\", \"refsource\": \"CERT-VN\", \"url\": \"http://www.kb.cert.org/vuls/id/486225\"}, {\"name\": \"APPLE-SA-2010-11-10-1\", \"refsource\": \"APPLE\", \"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\"}, {\"name\": \"40759\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/40759\"}, {\"name\": \"1024085\", \"refsource\": \"SECTRACK\", \"url\": \"http://securitytracker.com/id?1024085\"}, {\"name\": \"SUSE-SR:2010:013\", \"refsource\": \"SUSE\", \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\"}, {\"name\": \"1024057\", \"refsource\": \"SECTRACK\", \"url\": \"http://securitytracker.com/id?1024057\"}, {\"name\": \"1024086\", \"refsource\": \"SECTRACK\", \"url\": \"http://securitytracker.com/id?1024086\"}, {\"name\": \"40034\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/40034\"}, {\"name\": \"ADV-2010-1434\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1434\"}, {\"name\": \"40586\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/40586\"}, {\"name\": \"TLSA-2010-19\", \"refsource\": \"TURBO\", \"url\": \"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\"}, {\"name\": \"SSRT100179\", \"refsource\": \"HP\", \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"SUSE-SA:2010:024\", \"refsource\": \"SUSE\", \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\"}, {\"name\": \"1024058\", \"refsource\": \"SECTRACK\", \"url\": \"http://securitytracker.com/id?1024058\"}, {\"name\": \"ADV-2010-1348\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1348\"}, {\"name\": \"13787\", \"refsource\": \"EXPLOIT-DB\", \"url\": \"http://www.exploit-db.com/exploits/13787\"}, {\"name\": \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\"}, {\"name\": \"TA10-159A\", \"refsource\": \"CERT\", \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-159A.html\"}, {\"name\": \"40144\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/40144\"}, {\"name\": \"RHSA-2010:0470\", \"refsource\": \"REDHAT\", \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0470.html\"}, {\"name\": \"ADV-2010-1482\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1482\"}, {\"name\": \"40026\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/40026\"}, {\"name\": \"adobe-authplay-code-execution(59137)\", \"refsource\": \"XF\", \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/59137\"}, {\"name\": \"HPSBMA02547\", \"refsource\": \"HP\", \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"ADV-2010-1522\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1522\"}, {\"name\": \"oval:org.mitre.oval:def:7116\", \"refsource\": \"OVAL\", \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116\"}, {\"name\": \"65141\", \"refsource\": \"OSVDB\", \"url\": \"http://www.osvdb.org/65141\"}, {\"name\": \"ADV-2010-1453\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/1453\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T01:21:18.210Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"ADV-2010-1636\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1636\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx\"}, {\"name\": \"ADV-2010-1349\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1349\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-15.html\"}, {\"name\": \"ADV-2011-0192\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2011/0192\"}, {\"name\": \"ADV-2010-1421\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1421\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://support.apple.com/kb/HT4435\"}, {\"name\": \"40545\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/40545\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/\"}, {\"name\": \"RHSA-2010:0464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0464.html\"}, {\"name\": \"ADV-2010-1793\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1793\"}, {\"name\": \"43026\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/43026\"}, {\"name\": \"ADV-2010-1432\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1432\"}, {\"name\": \"GLSA-201101-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"http://security.gentoo.org/glsa/glsa-201101-09.xml\"}, {\"name\": \"TA10-162A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-162A.html\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.adobe.com/support/security/advisories/apsa10-01.html\"}, {\"name\": \"VU#486225\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"], \"url\": \"http://www.kb.cert.org/vuls/id/486225\"}, {\"name\": \"APPLE-SA-2010-11-10-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_APPLE\", \"x_transferred\"], \"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\"}, {\"name\": \"40759\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/40759\"}, {\"name\": \"1024085\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://securitytracker.com/id?1024085\"}, {\"name\": \"SUSE-SR:2010:013\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"], \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\"}, {\"name\": \"1024057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://securitytracker.com/id?1024057\"}, {\"name\": \"1024086\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://securitytracker.com/id?1024086\"}, {\"name\": \"40034\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/40034\"}, {\"name\": \"ADV-2010-1434\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1434\"}, {\"name\": \"40586\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/40586\"}, {\"name\": \"TLSA-2010-19\", \"tags\": [\"vendor-advisory\", \"x_refsource_TURBO\", \"x_transferred\"], \"url\": \"http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt\"}, {\"name\": \"SSRT100179\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"], \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"SUSE-SA:2010:024\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"], \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html\"}, {\"name\": \"1024058\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://securitytracker.com/id?1024058\"}, {\"name\": \"ADV-2010-1348\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1348\"}, {\"name\": \"13787\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"], \"url\": \"http://www.exploit-db.com/exploits/13787\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\"}, {\"name\": \"TA10-159A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-159A.html\"}, {\"name\": \"40144\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/40144\"}, {\"name\": \"RHSA-2010:0470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0470.html\"}, {\"name\": \"ADV-2010-1482\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1482\"}, {\"name\": \"40026\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/40026\"}, {\"name\": \"adobe-authplay-code-execution(59137)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/59137\"}, {\"name\": \"HPSBMA02547\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"], \"url\": \"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\"}, {\"name\": \"ADV-2010-1522\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1522\"}, {\"name\": \"oval:org.mitre.oval:def:7116\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116\"}, {\"name\": \"65141\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"], \"url\": \"http://www.osvdb.org/65141\"}, {\"name\": \"ADV-2010-1453\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/1453\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-1297\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:41:22.159578Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-06-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:41:29.048Z\"}, \"timeline\": [{\"time\": \"2022-06-08T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2010-1297 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"assignerShortName\": \"adobe\", \"cveId\": \"CVE-2010-1297\", \"datePublished\": \"2010-06-08T18:00:00.000Z\", \"dateReserved\": \"2010-04-06T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T20:04:24.296Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTA-2010-AVI-548
Vulnerability from certfr_avis
De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :
- AFP Server ;
- AppKit ;
- ATS ;
- CFNetwork ;
- CoreGraphics ;
- CoreText ;
- Directory Services ;
- diskdev_cmds ;
- Disk Images ;
- Image Capture ;
- ImageIO ;
- Image RAW ;
- Kernel ;
- Networking ;
- Password Server ;
- Printing ;
- QuickLook ;
- QuickTime ;
- Safari ;
- Time Machine ;
- Wiki Server ;
- xar.
Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, CUPS, Flash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.
Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n- AFP Server ;\n- AppKit ;\n- ATS ;\n- CFNetwork ;\n- CoreGraphics ;\n- CoreText ;\n- Directory Services ;\n- diskdev_cmds ;\n- Disk Images ;\n- Image Capture ;\n- ImageIO ;\n- Image RAW ;\n- Kernel ;\n- Networking ;\n- Password Server ;\n- Printing ;\n- QuickLook ;\n- QuickTime ;\n- Safari ;\n- Time Machine ;\n- Wiki Server ;\n- xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2010-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
},
{
"name": "CVE-2009-4134",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
},
{
"name": "CVE-2010-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
},
{
"name": "CVE-2010-3788",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
},
{
"name": "CVE-2010-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
},
{
"name": "CVE-2010-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
},
{
"name": "CVE-2010-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
},
{
"name": "CVE-2010-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
},
{
"name": "CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"name": "CVE-2010-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
},
{
"name": "CVE-2010-2499",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
},
{
"name": "CVE-2010-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
},
{
"name": "CVE-2010-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2010-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2010-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
},
{
"name": "CVE-2010-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
},
{
"name": "CVE-2010-1845",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
},
{
"name": "CVE-2010-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
},
{
"name": "CVE-2010-3654",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
},
{
"name": "CVE-2010-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
},
{
"name": "CVE-2010-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
},
{
"name": "CVE-2010-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
},
{
"name": "CVE-2010-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
},
{
"name": "CVE-2010-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
},
{
"name": "CVE-2010-1842",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2010-3650",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
},
{
"name": "CVE-2010-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
},
{
"name": "CVE-2010-2497",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
},
{
"name": "CVE-2010-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2009-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
},
{
"name": "CVE-2010-1850",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
},
{
"name": "CVE-2010-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
},
{
"name": "CVE-2010-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-1831",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
},
{
"name": "CVE-2010-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
},
{
"name": "CVE-2010-3790",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
},
{
"name": "CVE-2010-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
},
{
"name": "CVE-2010-1450",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
},
{
"name": "CVE-2010-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
},
{
"name": "CVE-2010-2498",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
},
{
"name": "CVE-2010-4010",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
},
{
"name": "CVE-2010-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
},
{
"name": "CVE-2010-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
},
{
"name": "CVE-2010-1847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
},
{
"name": "CVE-2010-1841",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2010-1828",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
},
{
"name": "CVE-2010-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
},
{
"name": "CVE-2010-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-2941",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-2884",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
},
{
"name": "CVE-2010-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
},
{
"name": "CVE-2010-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
},
{
"name": "CVE-2010-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-1843",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
},
{
"name": "CVE-2010-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
},
{
"name": "CVE-2010-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
},
{
"name": "CVE-2010-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-3787",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
},
{
"name": "CVE-2010-1832",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
},
{
"name": "CVE-2009-0946",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2009-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
},
{
"name": "CVE-2010-3053",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
},
{
"name": "CVE-2010-3789",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
},
{
"name": "CVE-2010-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
},
{
"name": "CVE-2010-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2010-3054",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-3648",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
},
{
"name": "CVE-2010-3791",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
},
{
"name": "CVE-2010-1449",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
},
{
"name": "CVE-2010-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
},
{
"name": "CVE-2010-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
},
{
"name": "CVE-2010-1830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
},
{
"name": "CVE-2010-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
},
{
"name": "CVE-2010-2216",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
},
{
"name": "CVE-2010-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
},
{
"name": "CVE-2009-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
},
{
"name": "CVE-2010-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
},
{
"name": "CVE-2010-2500",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
},
{
"name": "CVE-2010-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
},
{
"name": "CVE-2009-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2010-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
},
{
"name": "CVE-2010-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
},
{
"name": "CVE-2010-3785",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"name": "CVE-2010-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
},
{
"name": "CVE-2010-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
}
],
"initial_release_date": "2010-11-12T00:00:00",
"last_revision_date": "2010-11-12T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-548",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
"url": "http://support.apple.com/kb/HT4435"
}
]
}
CERTA-2010-AVI-261
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans Adobe Flash Player permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitrarie à distance.
Description
Plusieurs vulnérabilités, dont celle traitée dans le bulletin d'alerte CERTA-2010-ALE-007, ont été corrigées par l'éditeur Adobe. Leur exploitation permet à une personne malveillante de provoquer un déni de service ou d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player 10.0.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, dont celle trait\u00e9e dans le bulletin d\u0027alerte\nCERTA-2010-ALE-007, ont \u00e9t\u00e9 corrig\u00e9es par l\u0027\u00e9diteur Adobe. Leur\nexploitation permet \u00e0 une personne malveillante de provoquer un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
}
],
"initial_release_date": "2010-06-11T00:00:00",
"last_revision_date": "2010-06-11T00:00:00",
"links": [
{
"title": "Bulletin d\u0027alerte CERTA-2010-ALE-007 du 05 juin 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-007"
}
],
"reference": "CERTA-2010-AVI-261",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitrarie \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-14 du 10 juin 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
}
]
}
CERTA-2010-AVI-296
Vulnerability from certfr_avis
De multiples vulnérabilités dans Adobe Reader et Adobe Acrobat permettent l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été découvertes dans Adobe Reader et Adobe Acrobat. Elles permettent l'exécution de code arbitraire à distance. Au moins l'une d'entre elles (CVE-2010-1297) fait l'objet de cas d'exploitation (voir alerte CERTA-2010-ALE-007).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader versions 9.3.2 et ant\u00e9rieures ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat versions 9.3.2 et ant\u00e9rieures.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Reader et\nAdobe Acrobat. Elles permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance. Au moins l\u0027une d\u0027entre elles (CVE-2010-1297) fait l\u0027objet de\ncas d\u0027exploitation (voir alerte CERTA-2010-ALE-007).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2212"
},
{
"name": "CVE-2010-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2204"
},
{
"name": "CVE-2010-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2208"
},
{
"name": "CVE-2010-2209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2209"
},
{
"name": "CVE-2010-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2206"
},
{
"name": "CVE-2010-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2210"
},
{
"name": "CVE-2010-1295",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1295"
},
{
"name": "CVE-2010-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2203"
},
{
"name": "CVE-2010-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1285"
},
{
"name": "CVE-2010-2211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2211"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2201"
},
{
"name": "CVE-2010-2205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2205"
},
{
"name": "CVE-2010-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2207"
},
{
"name": "CVE-2010-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1240"
},
{
"name": "CVE-2010-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2202"
},
{
"name": "CVE-2010-2168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2168"
}
],
"initial_release_date": "2010-06-30T00:00:00",
"last_revision_date": "2010-06-30T00:00:00",
"links": [
{
"title": "Alerte CERTA-2010-ALE-007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-007/"
}
],
"reference": "CERTA-2010-AVI-296",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eAdobe\nReader\u003c/span\u003e et \u003cspan class=\"textit\"\u003eAdobe Acrobat\u003c/span\u003e permettent\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-15 du 29 juin 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
}
]
}
CERTA-2010-AVI-317
Vulnerability from certfr_avis
De nombreuses vulnérabilités dans des produits HP Insight ont été corrigées, dont certaines permettant l'exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités dans des produits HP Insight ont été corrigées. Elles sont de natures différentes pouvant aller jusqu'à l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | HP Insight Manager 4.x, 5.X et 6.x ; | ||
| N/A | N/A | HP Insight Orchestration 6.x ; | ||
| N/A | N/A | HP Insight Control Suite For Linux(ICE-Linux) 2.x et 6.x. | ||
| N/A | N/A | HP Insight Software Integrated Installer 6.x ; | ||
| N/A | N/A | HP Virtual Connect Enterprise Manager 6.x ; | ||
| N/A | N/A | HP Insight Control 6.x ; |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Insight Manager 4.x, 5.X et 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Orchestration 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Control Suite For Linux(ICE-Linux) 2.x et 6.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Software Integrated Installer 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Virtual Connect Enterprise Manager 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Insight Control 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans des produits HP Insight ont \u00e9t\u00e9 corrig\u00e9es.\nElles sont de natures diff\u00e9rentes pouvant aller jusqu\u0027\u00e0 l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"name": "CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"name": "CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"name": "CVE-2010-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1129"
},
{
"name": "CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"name": "CVE-2009-1524",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1524"
},
{
"name": "CVE-2010-0090",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0090"
},
{
"name": "CVE-2010-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0840"
},
{
"name": "CVE-2010-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0846"
},
{
"name": "CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"name": "CVE-2008-5110",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5110"
},
{
"name": "CVE-2010-0844",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0844"
},
{
"name": "CVE-2010-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0841"
},
{
"name": "CVE-2010-0845",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0845"
},
{
"name": "CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"name": "CVE-2009-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0692"
},
{
"name": "CVE-2010-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1967"
},
{
"name": "CVE-2010-0089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0089"
},
{
"name": "CVE-2010-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0847"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"name": "CVE-2010-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1968"
},
{
"name": "CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"name": "CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"name": "CVE-2010-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1969"
},
{
"name": "CVE-2010-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0843"
},
{
"name": "CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"name": "CVE-2010-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0839"
},
{
"name": "CVE-2010-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0849"
},
{
"name": "CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"name": "CVE-2010-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0093"
},
{
"name": "CVE-2010-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0848"
},
{
"name": "CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"name": "CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"name": "CVE-2010-0092",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0092"
},
{
"name": "CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"name": "CVE-2010-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1971"
},
{
"name": "CVE-2007-5497",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5497"
},
{
"name": "CVE-2010-0085",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0085"
},
{
"name": "CVE-2010-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0095"
},
{
"name": "CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"name": "CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"name": "CVE-2010-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1970"
},
{
"name": "CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"name": "CVE-2010-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0091"
},
{
"name": "CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"name": "CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"name": "CVE-2010-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1965"
},
{
"name": "CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"name": "CVE-2010-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0084"
},
{
"name": "CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"name": "CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"name": "CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"name": "CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"name": "CVE-2010-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0088"
},
{
"name": "CVE-2010-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0842"
},
{
"name": "CVE-2010-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0837"
},
{
"name": "CVE-2010-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
},
{
"name": "CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"name": "CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"name": "CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"name": "CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"name": "CVE-2010-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0094"
},
{
"name": "CVE-2010-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0082"
},
{
"name": "CVE-2010-0087",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0087"
},
{
"name": "CVE-2007-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2452"
},
{
"name": "CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"name": "CVE-2009-1523",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1523"
},
{
"name": "CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"name": "CVE-2010-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0838"
},
{
"name": "CVE-2010-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0850"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
},
{
"name": "CVE-2010-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1966"
}
],
"initial_release_date": "2010-07-16T00:00:00",
"last_revision_date": "2010-07-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02550 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02550"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02551 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02551"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02554 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02554"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02548 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02548"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02549 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02549"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBMA02547 du 13 juillet 2010 :",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA02547"
}
],
"reference": "CERTA-2010-AVI-317",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s dans des produits HP Insight ont \u00e9t\u00e9\ncorrig\u00e9es, dont certaines permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Insight",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 HP Insight",
"url": null
}
]
}
rhsa-2010:0470
Vulnerability from csaf_redhat
Published
2010-06-14 22:28
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0470",
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0470.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:36+00:00",
"generator": {
"date": "2025-09-26T03:04:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0470",
"initial_release_date": "2010-06-14T22:28:00+00:00",
"revision_history": [
{
"date": "2010-06-14T22:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-14T18:28:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el3.with.oss?arch=i386"
}
}
},
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2172",
"discovery_date": "2010-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602627"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2172"
},
{
"category": "external",
"summary": "RHBZ#602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
rhsa-2010:0464
Vulnerability from csaf_redhat
Published
2010-06-11 16:32
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0464",
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0464.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:35+00:00",
"generator": {
"date": "2025-09-26T03:04:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0464",
"initial_release_date": "2010-06-11T16:32:00+00:00",
"revision_history": [
{
"date": "2010-06-11T16:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-11T12:32:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:10.1-2.el5.i386",
"product": {
"name": "flash-plugin-0:10.1-2.el5.i386",
"product_id": "flash-plugin-0:10.1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@10.1-2.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
RHSA-2010:0470
Vulnerability from csaf_redhat
Published
2010-06-14 22:28
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0470",
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0470.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:36+00:00",
"generator": {
"date": "2025-09-26T03:04:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0470",
"initial_release_date": "2010-06-14T22:28:00+00:00",
"revision_history": [
{
"date": "2010-06-14T22:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-14T18:28:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el3.with.oss?arch=i386"
}
}
},
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2172",
"discovery_date": "2010-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602627"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2172"
},
{
"category": "external",
"summary": "RHBZ#602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
rhsa-2010_0470
Vulnerability from csaf_redhat
Published
2010-06-14 22:28
Modified
2024-11-14 10:49
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0470",
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0470.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2024-11-14T10:49:19+00:00",
"generator": {
"date": "2024-11-14T10:49:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0470",
"initial_release_date": "2010-06-14T22:28:00+00:00",
"revision_history": [
{
"date": "2010-06-14T22:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-14T18:28:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:49:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el3.with.oss?arch=i386"
}
}
},
{
"category": "product_version",
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_id": "flash-plugin-0:9.0.277.0-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@9.0.277.0-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:9.0.277.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
},
"product_reference": "flash-plugin-0:9.0.277.0-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2172",
"discovery_date": "2010-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602627"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2172"
},
{
"category": "external",
"summary": "RHBZ#602627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2172"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: \"possible player crash\" affects also v9.x versions of Adobe Flash Player"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-14T22:28:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3Desktop-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3ES-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"3WS-LACD:flash-plugin-0:9.0.277.0-1.el3.with.oss.i386",
"4AS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4Desktop-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4ES-LACD:flash-plugin-0:9.0.277.0-1.el4.i386",
"4WS-LACD:flash-plugin-0:9.0.277.0-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
rhsa-2010_0503
Vulnerability from csaf_redhat
Published
2010-06-30 17:47
Modified
2024-11-14 10:49
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-15, listed in the References section. A specially-crafted PDF file
could cause Adobe Reader to crash or, potentially, execute arbitrary code
as the user running Adobe Reader when opened. (CVE-2010-1240,
CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,
CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,
CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,
CVE-2010-2212)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-15, listed in the References section. A specially-crafted PDF file\ncould cause Adobe Reader to crash or, potentially, execute arbitrary code\nas the user running Adobe Reader when opened. (CVE-2010-1240,\nCVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,\nCVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,\nCVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,\nCVE-2010-2212)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0503",
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0503.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:49:37+00:00",
"generator": {
"date": "2024-11-14T10:49:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0503",
"initial_release_date": "2010-06-30T17:47:00+00:00",
"revision_history": [
{
"date": "2010-06-30T17:47:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-30T13:47:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:49:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-0:9.3.3-2.el4.i386",
"product_id": "acroread-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_id": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-0:9.3.3-1.el5.i386",
"product_id": "acroread-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-1240",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1240"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1285",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1285"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1295",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1295"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1295",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2168",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2168"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2201",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2201"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2202",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2202"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2203",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2203"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2204",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2204"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2205",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2205"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2205"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2206",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2206"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2207",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2207"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2208",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object\u0027s deletion, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2208"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2209",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2209"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2210",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2210"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2211",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2211"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2212",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2212"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2212"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
}
]
}
RHSA-2010:0464
Vulnerability from csaf_redhat
Published
2010-06-11 16:32
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0464",
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0464.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:35+00:00",
"generator": {
"date": "2025-09-26T03:04:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0464",
"initial_release_date": "2010-06-11T16:32:00+00:00",
"revision_history": [
{
"date": "2010-06-11T16:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-11T12:32:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:10.1-2.el5.i386",
"product": {
"name": "flash-plugin-0:10.1-2.el5.i386",
"product_id": "flash-plugin-0:10.1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@10.1-2.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
rhsa-2010_0464
Vulnerability from csaf_redhat
Published
2010-06-11 16:32
Modified
2024-11-14 10:49
Summary
Red Hat Security Advisory: flash-plugin security update
Notes
Topic
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)
A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0464",
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"category": "external",
"summary": "467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0464.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2024-11-14T10:49:15+00:00",
"generator": {
"date": "2024-11-14T10:49:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0464",
"initial_release_date": "2010-06-11T16:32:00+00:00",
"revision_history": [
{
"date": "2010-06-11T16:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-11T12:32:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:49:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:10.1-2.el5.i386",
"product": {
"name": "flash-plugin-0:10.1-2.el5.i386",
"product_id": "flash-plugin-0:10.1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@10.1-2.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:10.1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
},
"product_reference": "flash-plugin-0:10.1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4546",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467082"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4546"
},
{
"category": "external",
"summary": "RHBZ#467082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4546",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4546"
}
],
"release_date": "2008-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL"
},
{
"cve": "CVE-2009-3793",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3793"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3793"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2160",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2160"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2160"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2161",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified \"types of Adobe Flash code.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2161"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2161"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2162",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2162"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2162"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2163",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2163"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2163"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2164",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2164"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2164"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2165",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2165"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2165",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2165"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2166",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2166"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2166"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2167",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2167"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2167"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2169",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2169"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2169"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2170",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2170"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2170"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2171",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2171"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2171"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2173",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2173"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2173"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2174",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2174"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2174"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2175",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2175"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2175"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2176",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2176"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2176"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2177",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2177"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2177"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2178",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2178"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2178"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2179",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2179"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2179"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2180",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2180"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2180"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2181",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2181"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2181"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2182",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2182"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2182"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2183",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2183"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2183"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2184",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2184"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2184"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2185",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2185"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2185"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2186",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2186"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2186",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2186"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2187",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2187"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2187"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
},
{
"cve": "CVE-2010-2188",
"discovery_date": "2010-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "602847"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-14)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2188"
},
{
"category": "external",
"summary": "RHBZ#602847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2188"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-11T16:32:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0464"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:flash-plugin-0:10.1-2.el5.i386",
"5Server-Supplementary:flash-plugin-0:10.1-2.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-14)"
}
]
}
RHSA-2010:0503
Vulnerability from csaf_redhat
Published
2010-06-30 17:47
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-15, listed in the References section. A specially-crafted PDF file
could cause Adobe Reader to crash or, potentially, execute arbitrary code
as the user running Adobe Reader when opened. (CVE-2010-1240,
CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,
CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,
CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,
CVE-2010-2212)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-15, listed in the References section. A specially-crafted PDF file\ncould cause Adobe Reader to crash or, potentially, execute arbitrary code\nas the user running Adobe Reader when opened. (CVE-2010-1240,\nCVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,\nCVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,\nCVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,\nCVE-2010-2212)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0503",
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0503.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:45+00:00",
"generator": {
"date": "2025-09-26T03:04:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0503",
"initial_release_date": "2010-06-30T17:47:00+00:00",
"revision_history": [
{
"date": "2010-06-30T17:47:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-30T13:47:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-0:9.3.3-2.el4.i386",
"product_id": "acroread-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_id": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-0:9.3.3-1.el5.i386",
"product_id": "acroread-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-1240",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1240"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1285",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1285"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1295",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1295"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1295",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2168",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2168"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2201",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2201"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2202",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2202"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2203",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2203"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2204",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2204"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2205",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2205"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2205"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2206",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2206"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2207",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2207"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2208",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object\u0027s deletion, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2208"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2209",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2209"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2210",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2210"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2211",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2211"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2212",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2212"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2212"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
}
]
}
rhsa-2010:0503
Vulnerability from csaf_redhat
Published
2010-06-30 17:47
Modified
2025-09-26 03:04
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-15, listed in the References section. A specially-crafted PDF file
could cause Adobe Reader to crash or, potentially, execute arbitrary code
as the user running Adobe Reader when opened. (CVE-2010-1240,
CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,
CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,
CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,
CVE-2010-2212)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-15, listed in the References section. A specially-crafted PDF file\ncould cause Adobe Reader to crash or, potentially, execute arbitrary code\nas the user running Adobe Reader when opened. (CVE-2010-1240,\nCVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,\nCVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,\nCVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,\nCVE-2010-2212)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0503",
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"category": "external",
"summary": "600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0503.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-09-26T03:04:45+00:00",
"generator": {
"date": "2025-09-26T03:04:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2010:0503",
"initial_release_date": "2010-06-30T17:47:00+00:00",
"revision_history": [
{
"date": "2010-06-30T17:47:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-06-30T13:47:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:04:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-0:9.3.3-2.el4.i386",
"product_id": "acroread-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_id": "acroread-plugin-0:9.3.3-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-0:9.3.3-1.el5.i386",
"product_id": "acroread-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.3-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-1240",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1240"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1240"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1285",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1285"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1285"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1295",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1295"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1295",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1295"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-1297",
"discovery_date": "2010-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "600692"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1297"
},
{
"category": "external",
"summary": "RHBZ#600692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)"
},
{
"cve": "CVE-2010-2168",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2168"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2168"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2201",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2201"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2201"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2202",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2202"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2202"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2203",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2203"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2203"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2204",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2204"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2204"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2205",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2205"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2205"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2205"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2206",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2206"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2206"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2207",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2207"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2207"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2208",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object\u0027s deletion, which allows attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2208"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2208"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2209",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2209"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2209"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2210",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2210"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2210"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2211",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2211"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2211"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
},
{
"cve": "CVE-2010-2212",
"discovery_date": "2010-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "609203"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-15)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2212"
},
{
"category": "external",
"summary": "RHBZ#609203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2212"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2212"
}
],
"release_date": "2010-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-06-30T17:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0503"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.3-2.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-0:9.3.3-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-0:9.3.3-2.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-0:9.3.3-2.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.3-2.el4.i386",
"5Client-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-15)"
}
]
}
CERTA-2010-ALE-007
Vulnerability from certfr_alerte
Mise à jour du 30 juin 2010 : cette vulnérabilité est corrigée.
Une vulnérabilité découverte dans certains produits Adobe permet à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire.
Description
Une vulnérabilité causée par une erreur dans le traitement des fichiers au format SWF (Shockwave Flash) permet à une personne malveillante de provoquer un déni de service de l'application ou d'exécuter du code arbitraire. Cette vulnérabilité peut être exploitée directement au moyen d'un fichier au format SWF spécialement construit, ou indirectement par l'intermédiaire d'un fichier au format PDF contenant un objet SWF malveillant.
Des cas d'exploitation liés à cette vulnérabilité sont d'ores et déjà recensés sur l'Internet.
Contournement provisoire
Désactiver l'interprétation des animations Flash ainsi que les animations 3D.
Afin de limiter l'impact lié à l'exploitation de cette vulnérabilité, les contournements décrits ci-dessous, non exhaustifs, peuvent être appliqués.
Remarque : la mise en œuvre de ces contournements de sécurité peut avoir des effets de bord sur l'activité du système. Il est important de les tester avant tout déploiement.
5.1 Mise à jour de sécurité partielle
L'éditeur Adobe a publié un correctif de sécurité pour Adobe Flash Player, la version 10.1.53.64 n'est plus affectée par la vulnérabilité décrite dans ce bulletin d'alerte (cf. Section Documentation).
Dans l'attente d'un correctif de sécurité pour Adobe Reader et Adobe Acrobat, ces applications restent vulnérables.
5.1.1 Adobe Acrobat et Adobe Reader pour Microsoft Windows
-
renommer, supprimer ou retirer les droits d'accès du fichier suivant :
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
5.1.2 Adobe Acrobat et Adobe Reader pour Mac OS X
-
renommer, supprimer ou retirer les droits d'accès du fichier suivant :
/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle
5.1.3 Adobe Acrobat et Adobe Reader pour GNU/Linux
-
renommer, supprimer ou retirer les droits d'accès du fichier suivant :
/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so
Remarque : l'emplacement de ces fichiers peut varier en fonction des distributions GNU/Linux et de la procédure d'installation de l'application.
5.1.4 ActiveX pour Internet Explorer
Désactiver le contrôle ActiveX. Il faut positionner la valeur Compatibility Flags pour chaque Class Identifier comme décrit ci-dessous :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]
``Compatibility Flags''=dword:00000400
Class Identifiers à désactiver :
{D27CDB6E-AE6D-11cf-96B8-444553540000}
{D27CDB70-AE6D-11cf-96B8-444553540000}
Ou rechercher et supprimer le fichier flash10*.ocx.
5.1.5 Module pour Mozilla Firefox
Désactiver le module Shockwave Flash dans le navigateur Mozilla Firefox :
- Dans Outils, puis Modules complémentaires ;
- selectionner le module Shockwave Flash et le désactiver.
Ou rechercher et supprimer le fichier flashplayer.xpt.
5.2 Mise à jour de sécurité complémentaire
Adobe a émis les correctifs pour Adobe Reader et Acrobat le 30 juin 2010.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Adobe Reader 9.x ;
- Adobe Acrobat 9.x :
- Adobe Flash Player 10.0.x.
Cette vulnérabilité peut affecter les systèmes d'exploitation suivants :
- Microsoft Windows ;
- Apple Mac OS X ;
- Gnu/Linux.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cUL\u003e \u003cLI\u003eAdobe Reader 9.x ;\u003c/LI\u003e \u003cLI\u003eAdobe Acrobat 9.x :\u003c/LI\u003e \u003cLI\u003eAdobe Flash Player 10.0.x.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003eCette vuln\u00e9rabilit\u00e9 peut affecter les syst\u00e8mes d\u0027exploitation suivants :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eMicrosoft Windows ;\u003c/LI\u003e \u003cLI\u003eApple Mac OS X ;\u003c/LI\u003e \u003cLI\u003eGnu/Linux.\u003c/LI\u003e \u003c/UL\u003e",
"closed_at": "2010-06-30",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 caus\u00e9e par une erreur dans le traitement des fichiers\nau format SWF (Shockwave Flash) permet \u00e0 une personne malveillante de\nprovoquer un d\u00e9ni de service de l\u0027application ou d\u0027ex\u00e9cuter du code\narbitraire. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e directement au moyen\nd\u0027un fichier au format SWF sp\u00e9cialement construit, ou indirectement par\nl\u0027interm\u00e9diaire d\u0027un fichier au format PDF contenant un objet SWF\nmalveillant.\n\nDes cas d\u0027exploitation li\u00e9s \u00e0 cette vuln\u00e9rabilit\u00e9 sont d\u0027ores et d\u00e9j\u00e0\nrecens\u00e9s sur l\u0027Internet.\n\n## Contournement provisoire\n\nD\u00e9sactiver l\u0027interpr\u00e9tation des animations Flash ainsi que les\nanimations 3D.\n\nAfin de limiter l\u0027impact li\u00e9 \u00e0 l\u0027exploitation de cette vuln\u00e9rabilit\u00e9,\nles contournements d\u00e9crits ci-dessous, non exhaustifs, peuvent \u00eatre\nappliqu\u00e9s.\n\nRemarque : la mise en \u0153uvre de ces contournements de s\u00e9curit\u00e9 peut avoir\ndes effets de bord sur l\u0027activit\u00e9 du syst\u00e8me. Il est important de les\ntester avant tout d\u00e9ploiement.\n\n## 5.1 Mise \u00e0 jour de s\u00e9curit\u00e9 partielle\n\nL\u0027\u00e9diteur Adobe a publi\u00e9 un correctif de s\u00e9curit\u00e9 pour Adobe Flash\nPlayer, la version 10.1.53.64 n\u0027est plus affect\u00e9e par la vuln\u00e9rabilit\u00e9\nd\u00e9crite dans ce bulletin d\u0027alerte (cf. Section Documentation).\n\nDans l\u0027attente d\u0027un correctif de s\u00e9curit\u00e9 pour Adobe Reader et Adobe\nAcrobat, ces applications restent vuln\u00e9rables.\n\n### 5.1.1 Adobe Acrobat et Adobe Reader pour Microsoft Windows\n\n- renommer, supprimer ou retirer les droits d\u0027acc\u00e8s du fichier suivant\n :\n\n \u003cspan\n class=\"small\"\u003e`C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\authplay.dll`\u003c/span\u003e\n\n### 5.1.2 Adobe Acrobat et Adobe Reader pour Mac OS X\n\n- renommer, supprimer ou retirer les droits d\u0027acc\u00e8s du fichier suivant\n :\n\n \u003cspan\n class=\"small\"\u003e`/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle`\u003c/span\u003e\n\n### 5.1.3 Adobe Acrobat et Adobe Reader pour GNU/Linux\n\n- renommer, supprimer ou retirer les droits d\u0027acc\u00e8s du fichier suivant\n :\n\n \u003cspan\n class=\"small\"\u003e`/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so`\u003c/span\u003e\n\nRemarque : l\u0027emplacement de ces fichiers peut varier en fonction des\ndistributions GNU/Linux et de la proc\u00e9dure d\u0027installation de\nl\u0027application.\n\n### 5.1.4 ActiveX pour Internet Explorer\n\nD\u00e9sactiver le contr\u00f4le ActiveX. Il faut positionner la valeur\nCompatibility Flags pour chaque Class Identifier comme d\u00e9crit ci-dessous\n:\n\n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]\n ``Compatibility Flags\u0027\u0027=dword:00000400\n\nClass Identifiers \u00e0 d\u00e9sactiver :\n\n {D27CDB6E-AE6D-11cf-96B8-444553540000}\n {D27CDB70-AE6D-11cf-96B8-444553540000}\n\nOu rechercher et supprimer le fichier flash10\\*.ocx.\n\n### 5.1.5 Module pour Mozilla Firefox\n\nD\u00e9sactiver le module Shockwave Flash dans le navigateur Mozilla Firefox\n:\n\n- Dans Outils, puis Modules compl\u00e9mentaires ;\n- selectionner le module Shockwave Flash et le d\u00e9sactiver.\n\nOu rechercher et supprimer le fichier flashplayer.xpt.\n\n## 5.2 Mise \u00e0 jour de s\u00e9curit\u00e9 compl\u00e9mentaire\n\nAdobe a \u00e9mis les correctifs pour Adobe Reader et Acrobat le 30 juin\n2010.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-1297",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
}
],
"initial_release_date": "2010-06-05T00:00:00",
"last_revision_date": "2010-06-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9ccurit\u00e9 Adobe apsb10-14 du 10 juin 2010 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"title": "Bulletin de s\u00e9ccurit\u00e9 Adobe apsb10-15 du 29 juin 2010 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"title": "Avis CERTA-2010-AVI-261 du 11 juin 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-261/"
},
{
"title": "Avis de s\u00e9curit\u00e9 Adobe apsa10-01 du 04 juin 2010 :",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"title": "Avis CERTA-2010-AVI-296 du 30 juin 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-296/"
}
],
"reference": "CERTA-2010-ALE-007",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-06-05T00:00:00.000000"
},
{
"description": "modification de la section Contournement provisoire et de la section Documentation.",
"revision_date": "2010-06-11T00:00:00.000000"
},
{
"description": "correctifs pour Adobe Reader et Acrobat.",
"revision_date": "2010-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Mise \u00e0 jour du 30 juin 2010 : cette vuln\u00e9rabilit\u00e9 est corrig\u00e9e.\n\nUne vuln\u00e9rabilit\u00e9 d\u00e9couverte dans certains produits Adobe permet \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 Shockwave Flash pour les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Adobe APSA10-01 du 04 juin 2010",
"url": null
}
]
}
fkie_cve-2010-1297
Vulnerability from fkie_nvd
Published
2010-06-08 18:30
Modified
2025-10-22 01:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@adobe.com | http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ | Exploit | |
| psirt@adobe.com | http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| psirt@adobe.com | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
| psirt@adobe.com | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html | Mailing List, Third Party Advisory | |
| psirt@adobe.com | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Mailing List, Third Party Advisory | |
| psirt@adobe.com | http://secunia.com/advisories/40026 | Broken Link, Vendor Advisory | |
| psirt@adobe.com | http://secunia.com/advisories/40034 | Broken Link, Vendor Advisory | |
| psirt@adobe.com | http://secunia.com/advisories/40144 | Broken Link | |
| psirt@adobe.com | http://secunia.com/advisories/40545 | Broken Link | |
| psirt@adobe.com | http://secunia.com/advisories/43026 | Broken Link | |
| psirt@adobe.com | http://security.gentoo.org/glsa/glsa-201101-09.xml | Third Party Advisory | |
| psirt@adobe.com | http://securitytracker.com/id?1024057 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://securitytracker.com/id?1024058 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://securitytracker.com/id?1024085 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://securitytracker.com/id?1024086 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://support.apple.com/kb/HT4435 | Broken Link | |
| psirt@adobe.com | http://www.adobe.com/support/security/advisories/apsa10-01.html | Vendor Advisory | |
| psirt@adobe.com | http://www.adobe.com/support/security/bulletins/apsb10-14.html | Not Applicable | |
| psirt@adobe.com | http://www.adobe.com/support/security/bulletins/apsb10-15.html | Not Applicable | |
| psirt@adobe.com | http://www.exploit-db.com/exploits/13787 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://www.kb.cert.org/vuls/id/486225 | Third Party Advisory, US Government Resource | |
| psirt@adobe.com | http://www.osvdb.org/65141 | Broken Link | |
| psirt@adobe.com | http://www.redhat.com/support/errata/RHSA-2010-0464.html | Broken Link | |
| psirt@adobe.com | http://www.redhat.com/support/errata/RHSA-2010-0470.html | Broken Link | |
| psirt@adobe.com | http://www.securityfocus.com/bid/40586 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://www.securityfocus.com/bid/40759 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt | Broken Link | |
| psirt@adobe.com | http://www.us-cert.gov/cas/techalerts/TA10-159A.html | Third Party Advisory, US Government Resource | |
| psirt@adobe.com | http://www.us-cert.gov/cas/techalerts/TA10-162A.html | Third Party Advisory, US Government Resource | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1348 | Broken Link, Vendor Advisory | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1349 | Broken Link, Vendor Advisory | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1421 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1432 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1434 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1453 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1482 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1522 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1636 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2010/1793 | Broken Link | |
| psirt@adobe.com | http://www.vupen.com/english/advisories/2011/0192 | Broken Link | |
| psirt@adobe.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59137 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40026 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40034 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40144 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40545 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43026 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201101-09.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024057 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024058 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024085 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024086 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4435 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/advisories/apsa10-01.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb10-14.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb10-15.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/13787 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/486225 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/65141 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0464.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0470.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40586 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40759 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-159A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-162A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1348 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1349 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1421 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1432 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1434 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1453 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1482 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1522 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1636 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1793 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0192 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59137 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 | Broken Link | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | air | * | |
| adobe | flash_player | * | |
| adobe | flash_player | * | |
| adobe | acrobat | * | |
| adobe | acrobat | * | |
| apple | mac_os_x | - | |
| microsoft | windows | - | |
| opensuse | opensuse | * | |
| suse | linux_enterprise | 10.0 | |
| suse | linux_enterprise | 11.0 | |
| suse | linux_enterprise | 11.0 |
{
"cisaActionDue": "2022-06-22",
"cisaExploitAdd": "2022-06-08",
"cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"cisaVulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A520EA13-9274-4E10-84B5-1F1FD9E5CE86",
"versionEndExcluding": "2.0.2.12610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C3001C-53F0-4C18-9CC8-89BDF8C6087D",
"versionEndExcluding": "9.0.277.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA8832A-7A0F-4823-9038-B9FD37506911",
"versionEndExcluding": "10.1.53.64",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEBBDB0-9D07-434D-A30D-D21AE17D6CA1",
"versionEndExcluding": "8.2.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5291AD2C-5AC9-4F31-8FC7-D0F117A91099",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9D5815-B269-4E63-8F37-E064B49EBF71",
"versionEndIncluding": "11.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4500161F-13A0-4369-B93A-778B34E7F005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de contenido SWF manipulado, se explota activamente desde Junio de 2010."
}
],
"id": "CVE-2010-1297",
"lastModified": "2025-10-22T01:15:36.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2010-06-08T18:30:10.007",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Exploit"
],
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40026"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40034"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/40144"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/40545"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/43026"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024057"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024058"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/65141"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/40586"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/40759"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/40144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/40545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/43026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/65141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/40586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/40759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
gsd-2010-1297
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-1297",
"description": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"id": "GSD-2010-1297",
"references": [
"https://www.suse.com/security/cve/CVE-2010-1297.html",
"https://access.redhat.com/errata/RHSA-2010:0503",
"https://access.redhat.com/errata/RHSA-2010:0470",
"https://access.redhat.com/errata/RHSA-2010:0464",
"https://packetstormsecurity.com/files/cve/CVE-2010-1297"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-1297"
],
"details": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"id": "GSD-2010-1297",
"modified": "2023-12-13T01:21:32.820698Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx",
"refsource": "MISC",
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"name": "ADV-2010-1349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/",
"refsource": "MISC",
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"name": "VU#486225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024057"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "40034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40034"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "40586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40586"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "1024058",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024058"
},
{
"name": "ADV-2010-1348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"name": "13787",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "TA10-159A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"name": "40144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "40026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40026"
},
{
"name": "adobe-authplay-code-execution(59137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "oval:org.mitre.oval:def:7116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"name": "65141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65141"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.262.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.45.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1297"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024057",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024057"
},
{
"name": "40034",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40034"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-01.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"name": "1024058",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024058"
},
{
"name": "65141",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/65141"
},
{
"name": "40586",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/40586"
},
{
"name": "ADV-2010-1348",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"name": "40026",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40026"
},
{
"name": "ADV-2010-1349",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "40759",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "13787",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "40144",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/40144"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"tags": [],
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "VU#486225",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"name": "TA10-159A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"name": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx",
"refsource": "MISC",
"tags": [],
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"name": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/",
"refsource": "MISC",
"tags": [],
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "SSRT100179",
"refsource": "HP",
"tags": [],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "40545",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/40545"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "43026",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "adobe-authplay-code-execution(59137)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"name": "oval:org.mitre.oval:def:7116",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-19T01:30Z",
"publishedDate": "2010-06-08T18:30Z"
}
}
}
ghsa-cv7g-qpjc-66p7
Vulnerability from github
Published
2022-05-02 06:21
Modified
2025-10-22 03:30
Severity ?
VLAI Severity ?
Details
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
{
"affected": [],
"aliases": [
"CVE-2010-1297"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-06-08T18:30:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",
"id": "GHSA-cv7g-qpjc-66p7",
"modified": "2025-10-22T03:30:28Z",
"published": "2022-05-02T06:21:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297"
},
{
"type": "WEB",
"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash"
},
{
"type": "WEB",
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx"
},
{
"type": "WEB",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40026"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40034"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40144"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43026"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024057"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024058"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024085"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024086"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4435"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/13787"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/486225"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/65141"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40586"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"type": "WEB",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1348"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1349"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1453"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…