CVE-2010-2178
published 2010-06-15CVE-2010-2178: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory…
PriorityP342critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
6.08%
92.5th percentile
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Affected
67 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air | <= 1.5.3.9130 | — |
| adobe | air | — | — |
| adobe | air | — | — |
| adobe | air | — | — |
| adobe | air | — | — |
| adobe | air | — | — |
| adobe | air | — | — |
| adobe | flash_player | <= 10.0.45.2 | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4jvw-qg24-7qcr: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2180 [CRITICAL] CWE-119 GHSA-4jvw-qg24-7qcr: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-j8jx-4gq3-2fmw: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2160 [CRITICAL] CWE-119 GHSA-j8jx-4gq3-2fmw: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-33jv-mx9r-jr3q: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2165 [CRITICAL] CWE-119 GHSA-33jv-mx9r-jr3q: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-qrjj-37j4-wq7q: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2178 [CRITICAL] CWE-119 GHSA-qrjj-37j4-wq7q: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-hgcv-r3v9-7mc9: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2187 [CRITICAL] CWE-119 GHSA-hgcv-r3v9-7mc9: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
GHSA
GHSA-gmv4-cxx4-rrcj: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2184 [CRITICAL] CWE-119 GHSA-gmv4-cxx4-rrcj: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-739r-v5c6-g4wv: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2182 [CRITICAL] CWE-119 GHSA-739r-v5c6-g4wv: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-xh96-5xc9-3w5h: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2188 [CRITICAL] CWE-119 GHSA-xh96-5xc9-3w5h: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
GHSA
GHSA-h246-mqpx-mfvm: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2176 [CRITICAL] CWE-119 GHSA-h246-mqpx-mfvm: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-pq6f-jmr7-rfqq: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2177 [CRITICAL] CWE-119 GHSA-pq6f-jmr7-rfqq: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-pjr9-cgqf-mfxq: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2166 [CRITICAL] CWE-119 GHSA-pjr9-cgqf-mfxq: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-wm7h-9238-9p4m: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2171 [CRITICAL] CWE-119 GHSA-wm7h-9238-9p4m: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
GHSA
GHSA-qfh7-4jq5-cjrg: Adobe Flash Player before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2175 [CRITICAL] CWE-119 GHSA-qfh7-4jq5-cjrg: Adobe Flash Player before 9
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
libvirt: regression introduced in disk probe logic
vendor_redhat·2011-05-31·CVSS 4.4
CVE-2011-2178 [MEDIUM] libvirt: regression introduced in disk probe logic
libvirt: regression introduced in disk probe logic
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
Statement: Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5 and 6 as we did not backport upstream commit d6623003.
Package: libvirt (Red Hat Enterprise Linux 6) - Affected
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2166 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2184 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2171 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2180 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2188 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2182 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2175 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2165 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2187 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2178 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2177 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2160 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Red Hat
flash-plugin: multiple security flaws (APSB10-14)
vendor_redhat·2010-06-10·CVSS 9.3
CVE-2010-2176 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2178 libvirt: regression introduced in disk probe logic
bugzilla·2011-06-01·CVSS 4.4
CVE-2011-2178 [MEDIUM] CVE-2011-2178 libvirt: regression introduced in disk probe logic
CVE-2011-2178 libvirt: regression introduced in disk probe logic
Regression introduced in commit d6623003 (v0.8.8) - using the wrong sizeof operand meant that security manager private data was overlaying the allowDiskFOrmatProbing member of struct _virSecurityManager. This reopens disk probing, which was supposed to be prevented by the solution to CVE-2010-2238.
Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
Discussion:
Created libvirt tracking bugs for this issue
Affects: fedora-15 [bug 709775]
Affects: fedora-rawhide [bug 709777]
---
Statement:
Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5 and 6 as we did not backport upstream commit d6623003.
---
verify pass on
kernel-2.6.32-156.e
Bugzilla
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
bugzilla·2011-06-01·CVSS 4.4
CVE-2011-2178 [MEDIUM] CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
fedora-15 tracking bug for libvirt: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
This upstream commit needs to be backported to F15:
commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
Author: Eric Blake
Date: Thu May 26 08:18:46 2011 -0600
security: plug regression introduced in disk probe logic
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager. This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.
* src
Bugzilla
flash-plugin: multiple security flaws (APSB10-14)
bugzilla·2010-06-10·CVSS 9.3
CVE-2010-1297 [CRITICAL] flash-plugin: multiple security flaws (APSB10-14)
flash-plugin: multiple security flaws (APSB10-14)
Today, 2010-06-10, Adobe is planning to release an update
for Adobe Flash Player of version 10.0.45.2 (new version
is 10.1.53.64), to address multiple security issues allowing
code execution, whose description is detailed in the Adobe
Security Bulletin APSB10-14:
[1] http://www.adobe.com/support/security/bulletins/apsb10-14.html
* This update resolves a memory corruption vulnerability that could lead
to code execution (CVE-2010-1297). Note: There are reports that this
issue is being actively exploited in the wild.
* This update resolves a memory exhaustion vulnerability that could lead
to code execution (CVE-2009-3793).
* This update resolves a memory corruption vulnerability that could lead
to code execution (CVE-2010-2160).
* This u
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlhttp://secunia.com/advisories/40144http://secunia.com/advisories/40545http://secunia.com/advisories/43026http://security.gentoo.org/glsa/glsa-201101-09.xmlhttp://securitytracker.com/id?1024085http://securitytracker.com/id?1024086http://support.apple.com/kb/HT4435http://www.adobe.com/support/security/bulletins/apsb10-14.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0464.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0470.htmlhttp://www.securityfocus.com/bid/40759http://www.securityfocus.com/bid/40790http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txthttp://www.us-cert.gov/cas/techalerts/TA10-162A.htmlhttp://www.vupen.com/english/advisories/2010/1421http://www.vupen.com/english/advisories/2010/1432http://www.vupen.com/english/advisories/2010/1434http://www.vupen.com/english/advisories/2010/1453http://www.vupen.com/english/advisories/2010/1482http://www.vupen.com/english/advisories/2010/1522http://www.vupen.com/english/advisories/2010/1793http://www.vupen.com/english/advisories/2011/0192https://exchange.xforce.ibmcloud.com/vulnerabilities/59327https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16022https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7364http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlhttp://secunia.com/advisories/40144http://secunia.com/advisories/40545http://secunia.com/advisories/43026http://security.gentoo.org/glsa/glsa-201101-09.xmlhttp://securitytracker.com/id?1024085http://securitytracker.com/id?1024086http://support.apple.com/kb/HT4435http://www.adobe.com/support/security/bulletins/apsb10-14.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0464.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0470.htmlhttp://www.securityfocus.com/bid/40759http://www.securityfocus.com/bid/40790http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txthttp://www.us-cert.gov/cas/techalerts/TA10-162A.htmlhttp://www.vupen.com/english/advisories/2010/1421http://www.vupen.com/english/advisories/2010/1432http://www.vupen.com/english/advisories/2010/1434http://www.vupen.com/english/advisories/2010/1453http://www.vupen.com/english/advisories/2010/1482http://www.vupen.com/english/advisories/2010/1522http://www.vupen.com/english/advisories/2010/1793http://www.vupen.com/english/advisories/2011/0192https://exchange.xforce.ibmcloud.com/vulnerabilities/59327https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16022https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7364
2010-06-15
Published