CVE-2018-4878

Adobe Flash Player vulnerability CVE-2018-4878 is a use-after-free in the DRM/Primetime-related code (DRMManager initialize) that could allow remote arbitrary code execution. Affected products are Flash Player before 28.0.0.161; exploitation in the wild was reported in early 2018. Exploitation of...

CVE-2018-15982

CVE-2018-15982 is a use-after-free vulnerability in Adobe Flash Player (versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier) that allows remote code execution when a memory reference is released but remains in a vector due to a faulty reference in the com.adobe.tvsdk.mediacore.metadata pa...

CVE-2016-7855

Adobe Flash Player CVE-2016-7855 is a use-after-free vulnerability allowing remote code execution. It affects Flash Player on Windows, macOS, and Linux (versions prior to 23.0.0.205 for Windows/OS X and prior to 11.2.202.643 on Linux). Exploitation has been observed in the wild (October 2016). Af...

CVE-2012-2034

CVE-2012-2034 concerns memory corruption in Adobe Flash Player (and Adobe AIR) that enables remote code execution or DoS via unspecified vectors. Affected platforms include Windows/macOS prior to 10.3.183.20 and 11.x before 11.3.300.257 (Windows/macOS), Linux prior to 11.2.202.236, Android 2.x/3....

CVE-2012-0754

CVE-2012-0754 affects Adobe Flash Player on Windows, macOS, Linux, Solaris, and Android (various versions). The vulnerability is a memory corruption issue in Flash Player that can be exploited to execute arbitrary code or cause a denial of service via unspecified vectors. Affected versions includ...

CVE-2011-0609

The CVE-2011-0609 issue is an Adobe Flash Player AVM Bytecode Verification vulnerability that allows remote code execution via crafted SWF content. Affected products include Flash Player 10.2.x and earlier (Windows, macOS, Linux, Solaris), Flash Player 10.1.106.16 and earlier on Android, Adobe AI...

CVE-2015-3043

CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...

CVE-2012-0767

Adobe Flash Player contains a Cross‑Site Scripting (XSS) vulnerability (UXSS) tracked as CVE-2012-0767. The public description specifies that remote attackers could inject arbitrary script or HTML via unspecified vectors. Affected versions include Flash Player before 10.3.183.15 and 11.x before 1...

CVE-2016-4117

CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...

CVE-2010-1297

CVE-2010-1297 affects Adobe Flash Player (versions prior to 9.0.277.0 and 10.x prior to 10.1.53.64), Adobe AIR (prior to 2.0.2.12610), and Adobe Reader/Acrobat (8.x up to 8.2.3; 9.x prior to 9.3.3) on Windows and macOS. The root cause is memory corruption/remote code execution via crafted SWF con...

CVE-2015-0313

Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....

CVE-2016-1019

CVE-2016-1019 affects Adobe Flash Player 21.0.0.197 and earlier. The initial description notes remote code execution via unspecified vectors with in-the-wild activity in April 2016. Connected documents place CVE-2016-1019 among vulnerabilities embedded in Neutrino EK and referenced by CISA KEV as...

CVE-2009-1862

CVE-2009-1862 describes a memory-corruption vulnerability in Adobe Flash Player (and Adobe Reader/Acrobat components) that can be triggered by specially crafted SWF content or a crafted PDF/Flash combo via authplay.dll, leading to remote code execution or memory corruption DoS. Affected products ...

CVE-2011-0611

CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...

CVE-2016-1010

CVE-2016-1010 is an integer overflow vulnerability in Adobe Flash Player and Adobe AIR stack. Affected: Flash Player before 18.0.0.333 and 19.x–21.x before 21.0.0.182 on Windows/macOS; Flash before 11.2.202.577 on Linux; Adobe AIR before 21.0.0.176 and AIR SDK/Compiler before 21.0.0.176. Cause: i...

CVE-2015-8651

CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...

CVE-2012-1535

Adobe Flash Player suffers an arbitrary code execution/DoS vulnerability (CVE-2012-1535) via crafted SWF content. Expected impact is remote code execution or application crash; evidence cites in-the-wild activity in August 2012. Affected versions are Windows/Mac OS X: prior to 11.3.300.271; Linux...

CVE-2017-11292

Adobe Flash Player

CVE-2018-5002

CVE-2018-5002 affects Adobe Flash Player, up to version 29.0.0.171, with a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Connected advisories indicate a remediation upgrade to Flash Player 30.0.0.113 (or newer) to fix this issue, and som...

CVE-2015-7645

CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....

CVE-2016-0984

CVE-2016-0984 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that enables arbitrary code execution. Affected products include Flash Player Windows/macOS (before 18.0.0.329 and 19.x prior to 20.0.0.306) and Linux (before 11.2.202.569), as well as Adobe AIR bef...

CVE-2012-5054

CVE-2012-5054 specifies an integer overflow in the Matrix3D.copyRawDataTo method of Adobe Flash Player, enabling remote code execution via malformed arguments. Affected component: Flash Player (Matrix3D class). Root cause: integer overflow in copyRawDataTo. Impact: arbitrary code execution with n...

CVE-2015-5119

The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...

CVE-2015-3113

CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...

CVE-2015-5122

CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...

CVE-2015-0311

CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...

CVE-2015-5123

CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...

CVE-2014-9163

Adobe Flash Player is affected by CVE-2014-9163: a stack-based buffer overflow allows remote code execution. Affected: Windows and OS X Flash Player before 13.0.0.259 and 14.x before 15.0.0.246, and Linux Flash Player before 11.2.202.425. Root cause: stack-based overflow in vulnerable code paths;...

CVE-2016-4171

CVE-2016-4171 is an unspecified memory-corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier that allows remote code execution. The vulnerability was leveraged in the wild in June 2016. Affected product: Flash Player. Root cause and exact vectors are not detailed in the provided d...

CVE-2014-8439

CVE-2014-8439 describes a dereferenced memory pointer vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. The initial entry lists multiple affected branches: Flash Player versions prior to 13.0.0.258, 14.x, and 15.x before 15.0.0.239 on Windows...

CVE-2015-0310

CVE-2015-0310 is an Adobe Flash Player ASLR bypass vulnerability that allows discovery of memory addresses, bypassing ASLR with implications across affected platforms. Connected advisories confirm remediation by upgrading Flash Player to version 11.2.202.440 (RHSA-2015:0094; OpenSUSE openSUSE-SU-...

CVE-2016-7892

CVE-2016-7892 affects Adobe Flash Player and is due to a use-after-free in the TextField class, leading to arbitrary code execution. Affected versions: 23.0.0.207 and earlier, 11.2.202.644 and earlier. Industry advisories (e.g., Arch Linux ASA entries) indicate remediation by upgrading to Flash P...

CVE-2012-2037

Adobe Flash Player and AIR vulnerability CVE-2012-2037 involves memory corruption that could allow remote code execution orDoS. Affected products span multiple platforms; remediation in the related advisories shows upgrading Flash Player to 11.2.202.236 (and corresponding AIR update 3.3.0.3610) m...

CVE-2014-0502

CVE-2014-0502 is a double‑free vulnerability in Adobe Flash Player and related components that allows remote code execution. Affected products include Flash Player prior to 11.7.700.269 and 11.8.x up to 12.0.x before 12.0.0.70 on Windows/macOS, and before 11.2.202.341 on Linux, as well as Adobe A...

CVE-2016-0974

CVE-2016-0974 is a use-after-free vulnerability in Adobe Flash Player (Windows/macOS) and Adobe AIR/SDK/SDK & Compiler, with affected Flash Player versions before 18.0.0.329 and 19.x/20.x before 20.0.0.306 on Windows/macOS, and Linux before 11.2.202.569; Adobe AIR before 20.0.0.260. The issue ena...

CVE-2019-8069

The CVE-2019-8069 issue affects Adobe Flash Player 32.0.0.238 and earlier; it is a Same Origin Method Execution vulnerability that could lead to arbitrary code execution in the current user context. Multiple connected sources confirm the vulnerability and indicate that update/patches exist: Adobe...

CVE-2014-0497

CVE-2014-0497 is an Adobe Flash Player integer underflow vulnerability affecting multiple platforms (Windows/macOS/Linux) that enables remote code execution via unspecified vectors. The initial description confirms the affected version ranges (pre-11.7.700.261/11.8.x–12.x pre-12.0.0.44 on Windows...

CVE-2016-0963

CVE-2016-0963 is an integer overflow vulnerability in Adobe Flash Player (Windows/macOS: before 18.0.0.333 and 19.x through 21.x before 21.0.0.182; Linux: before 11.2.202.577) and in Adobe AIR together with AIR SDK/Compiler (before 21.0.0.176). The condition allows attackers to execute arbitrary ...

CVE-2015-0350

Adobe Flash Player vulnerable to memory corruption that can lead to remote code execution or denial of service. Affected versions: Windows/OS X before 13.0.0.281 and 14.x–17.x before 17.0.0.169; Linux before 11.2.202.457. Vectors are unspecified; no exploitation details provided in the source. No...

CVE-2014-0543

CVE-2014-0543 affects Adobe Flash Player (Windows/OS X: prior to 13.0.0.241 and 14.x prior to 14.0.0.176; Linux prior to 11.2.202.400) and Adobe AIR/SDK prior to 14.0.0.178, with memory address disclosure that bypasses ASLR via unspecified vectors. The root cause: improper restriction of memory-a...

CVE-2015-0315

CVE-2015-0315 is a use-after-free vulnerability in Adobe Flash Player that can allow remote code execution via unspecified vectors. Affected products include Flash Player on Windows, macOS and Linux, with vulnerable versions cited as before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Wi...

CVE-2015-0347

CVE-2015-0347 affects Adobe Flash Player before 13.0.0.281 and 14.x up to 17.x before 17.0.0.169 on Windows/OS X, and before 11.2.202.457 on Linux. The vulnerability is described as memory corruption that allows attackers to execute arbitrary code or cause a denial of service, via unspecified vec...

CVE-2015-0354

CVE-2015-0354 refers to Adobe Flash Player vulnerabilities that allow remote code execution or memory corruption. Affected products include Flash Player before 13.0.0.281 and versions up to 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The initial description notes th...

CVE-2016-0983

Technical details for CVE-2016-0983 are not publicly provided in the connected documents. The EUVD entries reference malware but do not specify product/version/root cause or remediation for this CVE. Monitor for updates.

CVE-2015-0320

CVE-2015-0320 is a use-after-free vulnerability in Adobe Flash Player (Windows/macOS: affected before 13.0.0.269 and 14.x before 16.0.0.305; Linux: before 11.2.202.442) that allows remote code execution via a specially crafted SWF file. The connected advisory confirms a remote code execution scen...

CVE-2015-0353

Concrete details from connected documents show CVE-2015-0353 affects Adobe Flash Player before certain versions on Windows, OS X, and Linux, with memory corruption exploitable to execute arbitrary code or cause a denial of service. Affected lines specify: Windows/OS X builds up to 13.0.0.281 and ...

CVE-2015-3042

CVE-2015-3042 affects Adobe Flash Player prior to 13.0.0.281 and 14.x through 17.x prior to 17.0.0.169 on Windows and OS X, and prior to 11.2.202.457 on Linux. The vulnerability is a memory corruption issue that allows attackers to execute arbitrary code or cause a denial of service via unspecifi...

CVE-2015-0352

CVE-2015-0352 concerns Adobe Flash Player with the vulnerability described as a memory corruption issue that allows an attacker to achieve remote code execution or cause a denial of service. Affected products include Flash Player on Windows, OS X, and Linux, with vulnerable versions listed as bef...

CVE-2015-3038

CVE-2015-3038 affects Adobe Flash Player on Windows, OS X, and Linux; vulnerable versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 (Linux before 11.2.202.457), with memory corruption that can enable arbitrary code execution or a denial of service via unspecif...

CVE-2016-0982

CVE-2016-0982 corresponds to a use-after-free vulnerability in Adobe Flash Player (Windows/macOS: affected versions include before 18.0.0.329 and 19.x before 20.0.0.306; Linux: before 11.2.202.569) and in Adobe AIR (before 20.0.0.260; AIR SDK before 20.0.0.260; AIR SDK & Compiler before 20.0.0.26...