CVE-2016-1019

CVE-2016-1019 affects Adobe Flash Player 21.0.0.197 and earlier. The initial description notes remote code execution via unspecified vectors with in-the-wild activity in April 2016. Connected documents place CVE-2016-1019 among vulnerabilities embedded in Neutrino EK and referenced by CISA KEV as...

CVE-2016-1010

CVE-2016-1010 is an integer overflow vulnerability in Adobe Flash Player and Adobe AIR stack. Affected: Flash Player before 18.0.0.333 and 19.x–21.x before 21.0.0.182 on Windows/macOS; Flash before 11.2.202.577 on Linux; Adobe AIR before 21.0.0.176 and AIR SDK/Compiler before 21.0.0.176. Cause: i...

CVE-2017-11292

Adobe Flash Player

CVE-2018-5002

CVE-2018-5002 affects Adobe Flash Player, up to version 29.0.0.171, with a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Connected advisories indicate a remediation upgrade to Flash Player 30.0.0.113 (or newer) to fix this issue, and som...

CVE-2016-0984

CVE-2016-0984 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that enables arbitrary code execution. Affected products include Flash Player Windows/macOS (before 18.0.0.329 and 19.x prior to 20.0.0.306) and Linux (before 11.2.202.569), as well as Adobe AIR bef...

CVE-2015-5122

CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...

CVE-2015-5123

CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...

CVE-2016-7892

CVE-2016-7892 affects Adobe Flash Player and is due to a use-after-free in the TextField class, leading to arbitrary code execution. Affected versions: 23.0.0.207 and earlier, 11.2.202.644 and earlier. Industry advisories (e.g., Arch Linux ASA entries) indicate remediation by upgrading to Flash P...

CVE-2016-0974

CVE-2016-0974 is a use-after-free vulnerability in Adobe Flash Player (Windows/macOS) and Adobe AIR/SDK/SDK & Compiler, with affected Flash Player versions before 18.0.0.329 and 19.x/20.x before 20.0.0.306 on Windows/macOS, and Linux before 11.2.202.569; Adobe AIR before 20.0.0.260. The issue ena...

CVE-2019-8069

The CVE-2019-8069 issue affects Adobe Flash Player 32.0.0.238 and earlier; it is a Same Origin Method Execution vulnerability that could lead to arbitrary code execution in the current user context. Multiple connected sources confirm the vulnerability and indicate that update/patches exist: Adobe...

CVE-2016-0963

CVE-2016-0963 is an integer overflow vulnerability in Adobe Flash Player (Windows/macOS: before 18.0.0.333 and 19.x through 21.x before 21.0.0.182; Linux: before 11.2.202.577) and in Adobe AIR together with AIR SDK/Compiler (before 21.0.0.176). The condition allows attackers to execute arbitrary ...

CVE-2016-0983

Technical details for CVE-2016-0983 are not publicly provided in the connected documents. The EUVD entries reference malware but do not specify product/version/root cause or remediation for this CVE. Monitor for updates.

CVE-2016-0982

CVE-2016-0982 corresponds to a use-after-free vulnerability in Adobe Flash Player (Windows/macOS: affected versions include before 18.0.0.329 and 19.x before 20.0.0.306; Linux: before 11.2.202.569) and in Adobe AIR (before 20.0.0.260; AIR SDK before 20.0.0.260; AIR SDK & Compiler before 20.0.0.26...

CVE-2016-1015

CVE-2016-1015 is an Adobe Flash Player type confusion vulnerability. The affected products are Flash Player on Windows and macOS (versions before 18.0.0.343 and 19.x up to 21.x before 21.0.0.213) and Linux (before 11.2.202.616). The root cause is a type confusion error triggered by overriding Net...

CVE-2019-8075

CVE-2019-8075 affects Google Chrome/Chromium (Flash component). Root cause: insufficient data validation in Flash leading to Same Origin Policy bypass and potential information disclosure. In Chrome/Chromium, fixes appeared in the 87.x series: Chrome 87.0.4280.66+ (and later) to address the vulne...

CVE-2016-0973

Technical details about CVE-2016-0973 are not publicly available in the provided connected documents. Monitor for updates.

CVE-2019-8070

CVE-2019-8070 is a use-after-free vulnerability in Adobe Flash Player for Windows, macOS, Linux and Chrome OS, affecting version(s) up to and including 32.0.0.238 (and earlier). The root cause is a memory mismanagement issue (use-after-free) that could allow an attacker to achieve arbitrary code ...

CVE-2016-0993

CVE-2016-0993 describes an integer overflow in Adobe Flash Player (before 18.0.0.333 and 19.x–21.x before 21.0.0.182 on Windows/macOS; before 11.2.202.577 on Linux) and in Adobe AIR before 21.0.0.176, including AIR SDKs, that allows attackers to execute arbitrary code via unspecified vectors. Thi...

CVE-2016-0975

CVE-2016-0975 is a use-after-free vulnerability in the Flash/Adobe AIR stack arising from improper reference handling in the instanceof function. Affected products/usages: Adobe Flash Player before 18.0.0.329 and 19.x and before 20.0.0.306 on Windows and OS X, and before 11.2.202.569 on Linux; Ad...

CVE-2020-9633

The CVE-2020-9633 issue affects Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, including Flash Player builds for Google Chrome (32.0.0.371) and for Microsoft Edge/IE (32.0.0.330 and earlier). It is a use-after-free vulnerability that could lead to arbitrary code execution on successfu...

CVE-2015-0312

Adobe Flash Player contains a double-free vulnerability (CVE-2015-0312) reported to occur when sharing a bytearray between two workers, where one worker calls bytearray.compress() and another uses the same object. The issue can lead to arbitrary code execution and is associated with Adobe’s APSB1...

CVE-2018-15981

CVE-2018-15981 indicates a type-confusion vulnerability in Adobe Flash Player, affecting versions up to 31.0.0.148 (and earlier). Successful exploitation could lead to arbitrary code execution. Multiple connected advisories confirm the issue and note a fix in upstream version 31.0.0.153 (and late...

CVE-2016-4178

CVE-2016-4178 concerns Adobe Flash Player, where a security bypass could lead to information disclosure. The CVE entry covers affected versions on multiple platforms: Windows/OS X builds prior to 18.0.0.366 and 19.x through 22.x prior to 22.0.0.209; Linux builds prior to 11.2.202.632. The vulnera...

CVE-2019-7090

Adobe Flash Player vulnerable to an out-of-bounds read (CVE-2019-7090) in Desktop Runtime and browser plugins (Flash Player Desktop Runtime 32.0.0.114 and earlier; Chrome/plugin 32.0.0.114 and earlier; Edge/IE11 32.0.0.114 and earlier) that could disclose information. Connected sources confirm th...

CVE-2017-3068

CVE-2017-3068 is an Adobe Flash Player vulnerability affecting versions up to 25.0.0.148 (and earlier) where memory corruption in the Advanced Video Coding (AVC) engine could allow an attacker to execute arbitrary code. Several advisories note a remote code-execution risk via crafted SWF content ...

CVE-2016-4179

Technical details for CVE-2016-4179 are not publicly available in the provided Connected documents. Monitor for updates from vendor advisories and public sources.

CVE-2017-2997

CVE-2017-2997 is an Adobe Flash Player vulnerability (≤ 24.0.0.221) describing a stack/heap buffer overflow in Primetime TVSDK that could allow arbitrary code execution. Multiple connected advisories confirm the issue affects Flash Player components and remote exploitation is possible via crafted...

CVE-2016-4138

CVE-2016-4138 is a buffer overflow vulnerability in Adobe Flash Player 21.0.0.242 and earlier, affecting the Flash runtime used by Microsoft Internet Explorer 10/11 and Edge. Connected sources indicate the issue can enable arbitrary code execution via crafted content (e.g., ATF files) and that ex...

CVE-2019-7096

Adobe Flash Player is affected by CVE-2019-7096 (use-after-free leading to arbitrary code execution) and CVE-2019-7108 (out-of-bounds read leading to information disclosure) in versions up to 32.0.0.156. Multiple connected advisories confirm the issues and recommend upgrading to 32.0.0.171 (or la...

CVE-2016-4137

CVE-2016-4137 is a memory corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier, used within the Adobe Flash libraries in Internet Explorer 10/11 and Microsoft Edge. The vulnerability can lead to remote code execution and is confirmed to have an exploit in the wild (Exploit-DB ent...

CVE-2019-7837

Summary: CVE-2019-7837 is a use-after-free vulnerability in Adobe Flash Player that could allow arbitrary code execution. The issue affects multiple Flash runtimes prior to version 32.0.0.192 (as reflected in Red Hat RHSA-2019:1234 and related advisories). Affected products/components: Adobe Flas...

CVE-2016-4273

CVE-2016-4273 affects Adobe Flash Player prior to 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows/macOS, and before 11.2.202.637 on Linux. The issue is a memory corruption vulnerability exploitable via unspecified vectors, linked to a separate group of CVEs (2016-6982…6990). The con...

CVE-2018-12824

CVE-2018-12824 affects Adobe Flash Player (and the flash-plugin in distributions) prior to version 30.0.0.154. The root cause is an out-of-bounds read that can lead to information disclosure. Public advisories (APSB18-25) document multiple vulnerabilities in Flash Player 30.x and provide a securi...

CVE-2019-7108

Adobe Flash Player versions 32.0.0.156 and earlier are affected by an out-of-bounds read vulnerability (CVE-2019-7108) that could lead to information disclosure. Multiple connected advisories confirm the issue in Flash Player and list upgrade as the remediation: upgrade to 32.0.0.171 or newer (e....

CVE-2017-3073

CVE-2017-3073 affects Adobe Flash Player 25.0.0.148 and earlier, with an exploitable use-after-free vulnerability when handling multiple mask properties of display objects, leading to memory corruption and potential arbitrary code execution. Multiple connected advisories confirm the affected comp...

CVE-2016-4238

CVE-2016-4238 affects Adobe Flash Player: Windows/macOS versions before 18.0.0.366 and 19.x–22.x before 22.0.0.209, and Linux before 11.2.202.632. Root cause/vectors are described as unspecified. Impact includes arbitrary code execution or memory-corruption-based DoS. No remediation details provi...

CVE-2017-2986

CVE-2017-2986 affects Adobe Flash Player, specifically the Flash Video (FLV) codec. The vulnerability is an exploitable heap overflow in the FLV codec for Flash Player versions 24.0.0.194 and earlier, which could allow arbitrary code execution. Evidence from multiple advisories confirms affected ...

CVE-2017-3070

Adobe Flash Player 25.0.0.148 and earlier is affected by CVE-2017-3070 due to a memory corruption flaw in the ConvolutionFilter class, which could allow arbitrary code execution if exploited. Affected software versions include 25.0.0.148 and earlier; remediation across vendors is to upgrade to 25...

CVE-2017-3074

Adobe Flash Player 25.0.0.148 and earlier is affected by a memory corruption vulnerability in the Graphics class (CVE-2017-3074). Successful exploitation could lead to arbitrary code execution. Public advisories indicate remediation via upgrading to at least 25.0.0.171 (and related CVEs 3068–3074...

CVE-2017-2992

CVE-2017-2992 is a heap-based buffer overflow vulnerability in Adobe Flash Player triggered while parsing an MP4 header. It affects versions up to 24.0.0.194 (and earlier) per the CVE entry, with multiple advisories confirming a fix in 24.0.0.221 or later. The issue could allow arbitrary code exe...

CVE-2017-3072

Adobe Flash Player vulnerability CVE-2017-3072 is described as an exploitable memory corruption in the BitmapData class in Flash Player 25.0.0.148 and earlier, with successful exploitation potentially leading to arbitrary code execution. The connected advisories corroborate multiple related CVEs ...

CVE-2016-4229

CVE-2016-4229 is a use-after-free in Adobe Flash Player (Windows/macOS: before 18.0.0.366 and 19.x–22.x before 22.0.0.209; Linux: before 11.2.202.632) enabling arbitrary code execution via unspecified vectors. The vulnerability is distinct from CVE-2016-4173/4174/4222/4226/4227/4228/4230/4231/424...

CVE-2016-6926

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2017-3003

CVE-2017-3003 is a use-after-free vulnerability in Adobe Flash Player

CVE-2016-0998

CVE-2016-0998 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that allows arbitrary code execution via unspecified vectors on Windows, OS X, and Linux, affecting Flash Player prior to 18.0.0.333 and 19.x–21.x before 21.0.0.182, and AIR before 21.0.0.176. The r...

CVE-2016-4152

CVE-2016-4152 is an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier used in Flash libraries for Internet Explorer 10/11 and Edge. Connected sources (HackerOne) map this to a ShimContentResolver.configure memory corruption issue in Flash Player, with patches issued by variou...

CVE-2018-15978

CVE-2018-15978 affects Adobe Flash Player versions 31.0.0.122 and earlier, with an out-of-bounds read that could lead to information disclosure. Public references in the connected documents indicate this vulnerability is addressed by updates (e.g., Flash Player 31.0.0.148 in the Mageia/RHEL advis...

CVE-2016-4149

CVE-2016-4149 is part of a set of vulnerabilities in Adobe Flash Player. Connected advisories note the issue alongside multiple other CVEs (notably in 4122–4149) and describe vulnerabilities in the Flash Player libraries used by Microsoft IE/Edge. Public updates from Mageia list CVE-2016-4149 as ...

CVE-2016-4175

Technical details for CVE-2016-4175 are not publicly available in the provided connected documents; no affected product/version/impact data is specified beyond the initial description. Monitor for updates.

CVE-2014-0569

CVE-2014-0569 is an integer overflow vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. Affected products/versions (per initial entry) include Flash Player before 13.0.0.250 and 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 o...