Flash Player@* Security Vulnerabilities and Issues — Flash Player@* CVE List

CVE•added 2012/02/16 7:55 p.m.•1073 views

CVE-2012-0754

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vect...

9.3CVSS7.6AI score0.93101EPSS

CVE•added 2012/02/16 7:55 p.m.•1053 views

CVE-2012-0767

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via u...

6.1CVSS5AI score0.16382EPSS

CVE•added 2015/04/14 10:59 p.m.•1051 views

CVE-2015-3043

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different ...

10CVSS7.7AI score0.86512EPSS

In wildWeb

CVE•added 2010/06/08 6:30 p.m.•1027 views

CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SW...

9.3CVSS9.7AI score0.93621EPSS

CVE•added 2015/02/02 7:59 p.m.•1021 views

CVE-2015-0313

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnera...

10CVSS7.9AI score0.93166EPSS

CVE•added 2011/04/13 2:55 p.m.•1008 views

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x be...

9.3CVSS8.8AI score0.92899EPSS

CVE•added 2015/12/28 11:59 p.m.•1007 views

CVE-2015-8651

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code ...

9.3CVSS9.6AI score0.89783EPSS

CVE•added 2012/08/15 10:31 a.m.•997 views

CVE-2012-1535

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF c...

9.3CVSS7.7AI score0.923EPSS

CVE•added 2012/09/24 5:55 p.m.•982 views

CVE-2012-5054

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

9.3CVSS7.8AI score0.76609EPSS

CVE•added 2015/06/23 9:59 p.m.•926 views

CVE-2015-3113

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

10CVSS8.2AI score0.92905EPSS

CVE•added 2015/01/23 9:59 p.m.•881 views

CVE-2015-0310

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on ot...

10CVSS6.7AI score0.40551EPSS

CVE•added 2014/02/21 5:7 a.m.•214 views

CVE-2014-0502

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows rem...

10CVSS7.8AI score0.85668EPSS

CVE•added 2014/02/05 5:15 a.m.•211 views

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.8AI score0.93016EPSS

CVE•added 2020/10/14 2:15 p.m.•184 views

CVE-2020-9746

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default del...

9.3CVSS7.9AI score0.01236EPSS

CVE•added 2012/03/28 7:55 p.m.•164 views

CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to ex...

9.3CVSS7.5AI score0.01232EPSS

CVE•added 2013/03/11 10:55 a.m.•151 views

CVE-2013-2555

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK ...

10CVSS7.8AI score0.05981EPSS

CVE•added 2012/02/16 7:55 p.m.•150 views

CVE-2012-0752

9.3CVSS7.6AI score0.06419EPSS

CVE•added 2013/02/27 12:55 a.m.•148 views

CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SW...

9.3CVSS7.6AI score0.36931EPSS

CVE•added 2020/02/13 4:15 p.m.•139 views

CVE-2020-3757

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.05414EPSS

CVE•added 2012/02/16 7:55 p.m.•137 views

CVE-2012-0753

9.3CVSS7.6AI score0.0211EPSS

CVE•added 2012/02/16 7:55 p.m.•130 views

CVE-2012-0756

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than ...

9.3CVSS6.3AI score0.05025EPSS

CVE•added 2008/08/29 5:41 p.m.•100 views

CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

4.3CVSS6.2AI score0.02617EPSS

CVE•added 2010/08/11 6:47 p.m.•98 views

CVE-2010-0209

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.

CVE•added 2010/06/15 6:0 p.m.•96 views

CVE-2010-2179

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

4.3CVSS7.5AI score0.22192EPSS

CVE•added 2018/02/06 9:29 p.m.•95 views

CVE-2018-4877

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

10CVSS9.5AI score0.05038EPSS

CVE•added 2012/04/06 8:55 p.m.•92 views

CVE-2012-0724

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.

9.3CVSS7AI score0.01005EPSS

CVE•added 2006/02/02 11:0 a.m.•83 views

CVE-2005-4708

Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.

7.2CVSS7.7AI score0.00167EPSS

CVE•added 2010/08/11 6:47 p.m.•83 views

CVE-2010-2215

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

4.3CVSS9.2AI score0.01802EPSS

CVE•added 2010/08/11 6:47 p.m.•79 views

CVE-2010-2214

CVE•added 2010/08/11 6:47 p.m.•78 views

CVE-2010-2213

CVE•added 2012/02/16 7:55 p.m.•78 views

CVE-2012-0751

The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.04236EPSS

CVE•added 2010/08/11 6:47 p.m.•76 views

CVE-2010-2216

CVE•added 2013/02/27 12:55 a.m.•72 views

CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SW...

9.3CVSS7.6AI score0.36303EPSS

CVE•added 2012/02/16 7:55 p.m.•68 views

CVE-2012-0755

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than ...

9.3CVSS6.3AI score0.05025EPSS

CVE•added 2012/04/06 8:55 p.m.•65 views

CVE-2012-0725

9.3CVSS7AI score0.01005EPSS

CVE•added 2013/05/16 11:45 a.m.•63 views

CVE-2013-3332

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

CVE•added 2008/04/02 6:44 p.m.•62 views

CVE-2008-1654

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the prim...

4.3CVSS6.6AI score0.30802EPSS

CVE•added 2013/05/16 11:45 a.m.•62 views

CVE-2013-2728

CVE•added 2006/09/12 11:7 p.m.•61 views

CVE-2006-4640

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

6.8CVSS6.3AI score0.29973EPSS

CVE•added 2013/05/16 11:45 a.m.•59 views

CVE-2013-3330

CVE•added 2013/05/16 11:45 a.m.•58 views

CVE-2013-3324

CVE•added 2013/05/16 11:45 a.m.•58 views

CVE-2013-3327