Flash Player Security Vulnerabilities and Issues — Page 4 of Flash Player CVE List

Lucene search

AdobeFlash Player

1084 matches found

CVE•added 2019/05/23 5:29 p.m.•85 views

CVE-2019-7096

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.06773EPSS

CVE•added 2019/05/23 5:29 p.m.•85 views

CVE-2019-7108

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

7.5CVSS7.9AI score0.03145EPSS

CVE•added 2007/08/14 12:17 a.m.•84 views

CVE-2007-4324

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, th...

5CVSS6.4AI score0.26086EPSS

CVE•added 2014/09/10 1:55 a.m.•84 views

CVE-2014-0556

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compile...

10CVSS8AI score0.86438EPSS

CVE•added 2015/11/11 1:0 p.m.•84 views

CVE-2015-7663

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary co...

10CVSS7.7AI score0.74587EPSS

CVE•added 2017/02/15 6:59 a.m.•84 views

CVE-2017-2986

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.34466EPSS

CVE•added 2006/10/17 9:7 p.m.•83 views

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via ...

5CVSS8AI score0.18542EPSS

CVE•added 2015/03/13 5:59 p.m.•83 views

CVE-2015-0339

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-20...

10CVSS9.7AI score0.09331EPSS

CVE•added 2015/07/09 4:59 p.m.•83 views

CVE-2015-3128

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute...

10CVSS7.5AI score0.68245EPSS

CVE•added 2016/06/16 2:59 p.m.•83 views

CVE-2016-4149

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/07/13 2:0 a.m.•83 views

CVE-2016-4238

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-20...

9.3CVSS9.3AI score0.44744EPSS

CVE•added 2016/09/14 6:59 p.m.•83 views

CVE-2016-6926

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016...

9.3CVSS9AI score0.02828EPSS

CVE•added 2017/05/09 4:29 p.m.•83 views

CVE-2017-3072

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.01969EPSS

CVE•added 2017/05/09 4:29 p.m.•83 views

CVE-2017-3074

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.01969EPSS

CVE•added 2009/02/26 4:17 p.m.•82 views

CVE-2009-0520

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

9.3CVSS7.8AI score0.16079EPSS

CVE•added 2014/09/10 1:55 a.m.•82 views

CVE-2014-0552

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow atta...

10CVSS7.7AI score0.0558EPSS

CVE•added 2015/04/14 10:59 p.m.•82 views

CVE-2015-0348

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.

10CVSS7.7AI score0.05587EPSS

CVE•added 2015/04/14 10:59 p.m.•82 views

CVE-2015-0351

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-...

10CVSS7.5AI score0.1102EPSS

CVE•added 2015/06/10 1:59 a.m.•82 views

CVE-2015-3097

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it ea...

5CVSS6.3AI score0.10451EPSS

CVE•added 2015/09/22 10:59 a.m.•82 views

CVE-2015-5582

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS

CVE•added 2015/11/11 12:59 p.m.•82 views

CVE-2015-7651

9.3CVSS7.5AI score0.74587EPSS

CVE•added 2015/12/10 5:59 a.m.•82 views

CVE-2015-8062

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arb...

10CVSS9.2AI score0.60453EPSS

CVE•added 2016/11/08 5:59 p.m.•82 views

CVE-2016-7865

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.11156EPSS

CVE•added 2018/08/29 1:29 p.m.•82 views

CVE-2018-12824

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

5.9CVSS6.8AI score0.01338EPSS

CVE•added 2019/01/18 5:29 p.m.•82 views

CVE-2018-15983

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

7.8CVSS8.5AI score0.00926EPSS

CVE•added 2011/08/10 9:55 p.m.•81 views

CVE-2011-2130

Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vul...

10CVSS9AI score0.13356EPSS

CVE•added 2014/11/11 11:55 p.m.•81 views

CVE-2014-0576

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of ...

10CVSS7.7AI score0.88009EPSS

CVE•added 2015/10/15 12:0 a.m.•81 views

CVE-2015-7632

Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Load...

9.3CVSS7.5AI score0.06986EPSS

CVE•added 2015/12/10 5:59 a.m.•81 views

CVE-2015-8424

10CVSS9.2AI score0.60453EPSS

CVE•added 2016/07/13 1:59 a.m.•81 views

CVE-2016-4175

9.3CVSS9.3AI score0.44744EPSS

CVE•added 2016/07/13 2:0 a.m.•81 views

CVE-2016-4229

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016...

9.3CVSS9AI score0.73665EPSS

CVE•added 2017/03/14 4:59 p.m.•81 views

CVE-2017-3002

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.0114EPSS

CVE•added 2010/11/07 10:0 p.m.•80 views

CVE-2010-3649

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability...

9.3CVSS9.7AI score0.03964EPSS

CVE•added 2010/10/19 9:0 p.m.•80 views

CVE-2010-3976

Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file...

9.3CVSS9.2AI score0.10042EPSS

CVE•added 2014/08/12 10:55 p.m.•80 views

CVE-2014-0545

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly res...

10CVSS6.3AI score0.00782EPSS

CVE•added 2015/02/06 12:59 a.m.•80 views

CVE-2015-0318

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-20...

10CVSS7.7AI score0.89185EPSS

CVE•added 2015/11/11 1:0 p.m.•80 views

CVE-2015-7662

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write ...

7.8CVSS6.6AI score0.01794EPSS

CVE•added 2015/12/10 5:59 a.m.•80 views

CVE-2015-8055

10CVSS9.2AI score0.60453EPSS

CVE•added 2016/09/14 6:59 p.m.•80 views

CVE-2016-4272

9.3CVSS9AI score0.02828EPSS

CVE•added 2016/09/14 6:59 p.m.•80 views

CVE-2016-4285

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-20...

9.3CVSS9.1AI score0.26204EPSS

CVE•added 2016/11/08 5:59 p.m.•80 views

CVE-2016-7859

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS

CVE•added 2017/12/09 6:29 a.m.•80 views

CVE-2017-11215

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code ...

10CVSS9.2AI score0.05822EPSS

CVE•added 2017/03/14 4:59 p.m.•80 views

CVE-2017-3000

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.26283EPSS

CVE•added 2010/08/11 6:47 p.m.•79 views

CVE-2010-2215

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

4.3CVSS9.2AI score0.01802EPSS

CVE•added 2014/01/15 4:13 p.m.•79 views

CVE-2014-0491

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mecha...

10CVSS6.4AI score0.02208EPSS

CVE•added 2015/04/14 10:59 p.m.•79 views

CVE-2015-0357

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerabili...

5CVSS6.3AI score0.0076EPSS

CVE•added 2015/04/14 10:59 p.m.•79 views

CVE-2015-3040

5CVSS6.3AI score0.0076EPSS

CVE•added 2015/06/10 1:59 a.m.•79 views

CVE-2015-3104

Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 o...

10CVSS7.7AI score0.04479EPSS

CVE•added 2015/12/10 5:59 a.m.•79 views

CVE-2015-8065

10CVSS9.2AI score0.60453EPSS

CVE•added 2016/06/16 2:59 p.m.•79 views

CVE-2016-4152

9.3CVSS8.9AI score0.03097EPSS

Total number of security vulnerabilities1084