1084 matches found
CVE-2012-0756
Adobe Flash Player vulnerable versions prior to 10.3.183.15 and 11.x prior to 11.1.102.62 on Windows, macOS, Linux, Solaris; and before 11.1.111.6 on Android 2.x/3.x, and before 11.1.115.6 on Android 4.x are affected by CVE-2012-0756, which allows bypassing intended access restrictions via unspec...
CVE-2012-0772
CVE-2012-0772 affects Windows Flash Player (unspecified ActiveX control) and AIR, where URL security domain checking is mishandled. The issue can lead to arbitrary code execution or memory corruption DoS. Affected versions include Adobe Flash Player prior to 10.3.183.18 and 11.x prior to 11.2.202...
CVE-2010-3654
CVE-2010-3654 affects Adobe Flash Player prior to 9.0.289.0 and pre-10.1.102.64 (Windows/macOS/Linux/Solaris) and Adobe Reader/Acrobat 9.x up to 9.4, with 10.1.95.1 on Android. The vulnerability allows remote code execution or memory corruption/DoS via crafted SWF content embedded in PDFs (exploi...
CVE-2018-4877
Adobe Flash Player before 28.0.0.161 contains a use-after-free vulnerability in the Primetime SDK related to media player QoS, identified as CVE-2018-4877. A successful exploiter could achieve arbitrary code execution. Affected products are Flash Player versions prior to 28.0.0.161. Remediation p...
CVE-2017-11213
Adobe Flash Player vulnerability CVE-2017-11213 affects Flash Player 27.0.0.183 and earlier. It arises from a computation reading data past the end of a target buffer due to an integer overflow when creating an arbitrarily sized bitmap, with an invalid out-of-range pointer offset during internal ...
CVE-2015-0312
Adobe Flash Player contains a double-free vulnerability (CVE-2015-0312) reported to occur when sharing a bytearray between two workers, where one worker calls bytearray.compress() and another uses the same object. The issue can lead to arbitrary code execution and is associated with Adobe’s APSB1...
CVE-2012-4171
Adobe Flash Player and Adobe AIR are affected by CVE-2012-4171, a denial-of-service flaw caused by a logic error when handling Firefox dialogs. The vulnerability affects Flash Player on Windows, macOS, Linux, and Android (various pre-allocated builds) and affects Adobe AIR/SDK before the stated b...
CVE-2014-0515
CVE-2014-0515 is a buffer overflow in Adobe Flash Player that allowed remote code execution via unspecified vectors. Affected products include Windows/macOS Flash Player versions prior to 11.7.700.279 and 11.8.x up to 13.0.x before 13.0.0.206, and Linux Flash Player prior to 11.2.202.356. The vul...
CVE-2015-0333
Technical details for CVE-2015-0333 are not publicly available in the provided documents; monitor for updates from advisory sources.
CVE-2015-0332
CVE-2015-0332 affects Adobe Flash Player prior to 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows/OS X, and before 11.2.202.451 on Linux. The vulnerability is a memory corruption flaw that could allow remote code execution or cause a denial of service via unspecified vectors. Connec...
CVE-2019-7845
Adobe Flash Player versions 32.0.0.192 and earlier are affected by a use-after-free vulnerability (CVE-2019-7845) that could allow remote arbitrary code execution. The CVE is documented across multiple feeds, with affected products including the Desktop Runtime and browser-integrated Flash Player...
CVE-2008-4818
CVE-2008-4818 is an XSS in Adobe Flash Player related to how HTTP response headers are interpreted. The vulnerability affects Flash Player 9.0.124.0 and earlier. In Red Hat advisories, fixes are delivered via flash-plugin updates: RHSA-2008-0980 for older RHEL3/4/others (updating to Flash Player ...
CVE-2015-0336
CVE-2015-0336 : A type confusion vulnerability in Adobe Flash Player’s NetConnection class can lead to arbitrary code execution. Affected products are Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and macOS, and before 11.2.202.451 on Linux. The root cause is d...
CVE-2008-4821
CVE-2008-4821 affects Adobe Flash Player 9.0.124.0 and earlier when used in Mozilla browsers; jar: URL handling could disclose sensitive information. The vulnerability is addressed by Red Hat advisories RHSA-2008:0980/0945, which require upgrading Flash Player to version 9.0.151.0. Exploitation d...
CVE-2015-0359
CVE-2015-0359 is a double-free vulnerability in Adobe Flash Player that can lead to arbitrary code execution via unspecified vectors. Publicly cited affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X, and before 11.2.202.457 on Lin...
CVE-2008-4824
CVE-2008-4824 concerns multiple input validation errors in Adobe Flash Player. The vulnerability affects Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 and allows a remote attacker to execute arbitrary code via unspecified vectors. Related advisories (RHSA-2008-0945/0980 and Gentoo ...
CVE-2008-3873
CVE-2008-3873 affects Adobe Flash Player (9.0.124.0 and earlier). The flaw allows a remote, unauthenticated attacker to populate the clipboard with a URL via System.setClipboard, potentially misleading users without interaction. In practice, a malicious SWF could push an attacker-controlled URL t...
CVE-2018-15981
CVE-2018-15981 indicates a type-confusion vulnerability in Adobe Flash Player, affecting versions up to 31.0.0.148 (and earlier). Successful exploitation could lead to arbitrary code execution. Multiple connected advisories confirm the issue and note a fix in upstream version 31.0.0.153 (and late...
CVE-2008-4401
CVE-2008-4401 affects Adobe Flash Player 9.0.124.0 and earlier. The issue arises because ActionScript FileReference.browse() and FileReference.download() can be triggered without user interaction, enabling a remote SWF to cause a browse dialog to appear and potentially other impact. Connected adv...
CVE-2015-5133
Technical details about CVE-2015-5133 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the connected entries reference the CVE but do not disclose specifics here.
CVE-2008-4823
CVE-2008-4823 affects Adobe Flash Player up to 9.0.124.0, with a vulnerability in how an ActionScript attribute is interpreted that could allow arbitrary HTML/script injection (XSS). Public advisories (RHSA-2008:0945/0980) and Gentoo GLSA-200903-23 list Flash Player updates and note upgrading to ...
CVE-2015-5132
CVE-2015-5132 is a Flash Player buffer overflow vulnerability exploited via parsing of specially crafted SWF files. Affected: Windows/OS X Flash Player < 18.0.0.232; Linux Flash Player
CVE-2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 is affected by CVE-2007-6243 due to insufficient restriction of cross-domain policy files, enabling remote cross-domain and cross-site scripting (XSS) attacks. In the connected Red Hat advisories, this issue is list...
CVE-2014-0559
CVE-2014-0559 describes a heap-based buffer overflow in Adobe Flash Player and AIR, caused by an integer/length handling issue in CopyPixelsToByteArray and related vector data structures. Exploitation relies on manipulating a large ByteArray position to trigger a write past the buffer end, then u...
CVE-2019-7090
Adobe Flash Player vulnerable to an out-of-bounds read (CVE-2019-7090) in Desktop Runtime and browser plugins (Flash Player Desktop Runtime 32.0.0.114 and earlier; Chrome/plugin 32.0.0.114 and earlier; Edge/IE11 32.0.0.114 and earlier) that could disclose information. Connected sources confirm th...
CVE-2010-0209
CVE-2010-0209 affects Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3. The vulnerability enables arbitrary code execution or memory corruption via unspecified vectors. Connected sources corroborate multiple advisories and patches surrounding this CVE, noti...
CVE-2015-0346
CVE-2015-0346 is a double-free vulnerability in Adobe Flash Player that allows arbitrary code execution. Affected products and versions: Windows and OS X builds prior to 13.0.0.281, and 14.x up to 17.x before 17.0.0.169; Linux prior to 11.2.202.457. Root cause: a double-free condition in Flash’s ...
CVE-2017-3068
CVE-2017-3068 is an Adobe Flash Player vulnerability affecting versions up to 25.0.0.148 (and earlier) where memory corruption in the Advanced Video Coding (AVC) engine could allow an attacker to execute arbitrary code. Several advisories note a remote code-execution risk via crafted SWF content ...
CVE-2008-4822
Adobe Flash Player/Flash plugin is affected by CVE-2008-4822, which describes a flaw in interpreting policy files that could bypass a non-root domain policy. Public advisories (e.g., RHSA-2008-0980 for Red Hat systems and GLSA-2009-03-23 for Gentoo) note that Flash policy interpretation issues we...
CVE-2011-2424
CVE-2011-2424 is listed among Adobe Reader/Flash Player vulnerability advisories (RHSA-2011:1434, RHSA-2011:1144) affecting Adobe Reader and Flash Player where a crafted SWF in PDFs could cause memory corruption and remote code execution. The connected advisories indicate multiple Flash/Reader fl...
CVE-2016-4178
CVE-2016-4178 concerns Adobe Flash Player, where a security bypass could lead to information disclosure. The CVE entry covers affected versions on multiple platforms: Windows/OS X builds prior to 18.0.0.366 and 19.x through 22.x prior to 22.0.0.209; Linux builds prior to 11.2.202.632. The vulnera...
CVE-2016-4179
Technical details for CVE-2016-4179 are not publicly available in the provided Connected documents. Monitor for updates from vendor advisories and public sources.
CVE-2007-4324
Summary: CVE-2007-4324 affects Adobe Flash Player (and related Flash plugins) where ActionScript/Flash content could be used to determine open ports on a target via timing discrepancies in SecurityErrorEvent handling. Connected advisories (RHSA/RHSA sub-pages) confirm this issue as part of multip...
CVE-2011-2110
CVE-2011-2110 affects Adobe Flash Player versions prior to 10.3.181.26 (Windows/macOS/Linux/Solaris) and prior to 10.3.185.23 on Android, with a memory corruption flaw that allowed remote code execution or a crash via unspecified vectors; exploitation was observed in the wild in June 2011. The is...
CVE-2015-3044
CVE-2015-3044 affects Adobe Flash Player across Windows, macOS and Linux (e.g., Flash Player before 13.0.0.281 and 14.x up to 17.x before 17.0.0.169 on Windows/macOS; before 11.2.202.457 on Linux). The vulnerability is a access restriction bypass that could leak sensitive data via unspecified vec...
CVE-2015-8068
Technical details about CVE-2015-8068 are not publicly available in the provided connected documents; no concrete affected products, versions, root cause, or remediation are disclosed here. Monitor for updates.
CVE-2010-2188
Technical details about CVE-2010-2188 are not publicly available in the provided connected documents. Monitor for updates in EUVD entries and other sources for concrete information on affected products, impact, and fixes.
CVE-2015-7663
CVE-2015-7663 is a use-after-free vulnerability affecting Adobe Flash Player prior to 18.0.0.261 and 19.x prior to 19.0.0.245 on Windows/OS X, and prior to 11.2.202.548 on Linux; and Adobe AIR before 19.0.0.241 (and related SDK/Compiler). It allows attackers to execute arbitrary code via unspecif...
CVE-2016-4138
CVE-2016-4138 is a buffer overflow vulnerability in Adobe Flash Player 21.0.0.242 and earlier, affecting the Flash runtime used by Microsoft Internet Explorer 10/11 and Edge. Connected sources indicate the issue can enable arbitrary code execution via crafted content (e.g., ATF files) and that ex...
CVE-2019-7096
Adobe Flash Player is affected by CVE-2019-7096 (use-after-free leading to arbitrary code execution) and CVE-2019-7108 (out-of-bounds read leading to information disclosure) in versions up to 32.0.0.156. Multiple connected advisories confirm the issues and recommend upgrading to 32.0.0.171 (or la...
CVE-2008-4819
CVE-2008-4819 is an unspecified DNS rebinding vulnerability in Adobe Flash Player 9.0.124.0 and earlier. Affected: Flash Player (multiple OS/browser contexts); impact described as enabling DNS rebinding by remote attackers via unknown vectors. Remediation evidenced in connected advisories: Red Ha...
CVE-2014-4671
CVE-2014-4671 refers to a Flash/ AIR JSONP CSRF vulnerability where SWF content could bypass restrictions, enabling remote CSRF attacks against JSONP endpoints and potential data exposure. Affected products include Adobe Flash Player (Windows/macOS: up to 13.0.0.231 and 14.x up to 14.0.0.145; Lin...
CVE-2017-2997
CVE-2017-2997 is an Adobe Flash Player vulnerability (≤ 24.0.0.221) describing a stack/heap buffer overflow in Primetime TVSDK that could allow arbitrary code execution. Multiple connected advisories confirm the issue affects Flash Player components and remote exploitation is possible via crafted...
CVE-2010-2179
CVE-2010-2179 is a documented XSS in Adobe Flash Player (and related Flash/AIR components) triggered when Firefox/Chrome access certain URLs. Connected advisories (RHSA-2010-0470 and RHSA-2010-0464) describe a flash-plugin security update addressing this and related CVEs, noting an input sanitiza...
CVE-2010-2884
CVE-2010-2884 affects Adobe Flash Player 10.1.82.76 and earlier (Windows, macOS, Linux, Solaris) and 10.1.92.10 on Android, plus authplay.dll in Adobe Reader/Acrobat 9.x (before 9.4) and 8.x (before 8.2.5). The vulnerability enables remote code execution or memory corruption via unspecified vecto...
CVE-2012-0724
CVE-2012-0724 affects Adobe Flash Player prior to 11.2.202.229 in Google Chrome prior to 18.0.1025.151. The vulnerability enables memory corruption leading to a possible denial of service or other unspecified impact via unknown vectors (distinct from CVE-2012-0725). Connected advisories corrobora...
CVE-2015-8418
CVE-2015-8418 affects Adobe Flash Player (Windows/macOS: before 18.0.0.268 and 19.x; before 20.0.0.228 for 20.x on Windows/macOS; Linux: before 11.2.202.554) and Adobe AIR (before 20.0.0.204, including AIR SDK before 20.0.0.204) with memory corruption allowing arbitrary code execution or a denial...
CVE-2017-2930
CVE-2017-2930 affects Adobe Flash Player versions 24.0.0.186 and earlier. The vulnerability is a memory corruption caused by a concurrency error while manipulating a display list, and is able to lead to arbitrary code execution on a remote host. Exploitation was demonstrated in advisories and exp...
CVE-2015-8634
CVE-2015-8634 describes a use-after-free vulnerability in Adobe Flash Player (Windows/macOS: prior to 18.0.0.324 and 19.x; prior to 20.0.0.267 for 20.x) and Linux prior to 11.2.202.559, as well as in Adobe AIR before 20.0.0.233 (including AIR SDK/Compiler before 20.0.0.233). It allows attackers t...
CVE-2019-7837
Summary: CVE-2019-7837 is a use-after-free vulnerability in Adobe Flash Player that could allow arbitrary code execution. The issue affects multiple Flash runtimes prior to version 32.0.0.192 (as reflected in Red Hat RHSA-2019:1234 and related advisories). Affected products/components: Adobe Flas...