Flash Player@* Security Vulnerabilities and Issues — Page 3 of Flash Player@* CVE List

Lucene search

AdobeFlash Player*

1067 matches found

CVE•added 2012/02/16 7:55 p.m.•128 views

CVE-2012-0756

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than ...

9.3CVSS6.3AI score0.05025EPSS

CVE•added 2012/03/28 7:55 p.m.•127 views

CVE-2012-0772

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via un...

10CVSS7.7AI score0.24398EPSS

CVE•added 2015/01/28 10:59 p.m.•116 views

CVE-2015-0312

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

9.3CVSS7.5AI score0.06261EPSS

CVE•added 2012/08/31 7:55 p.m.•115 views

CVE-2012-4171

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 al...

5CVSS6.3AI score0.01747EPSS

CVE•added 2015/03/13 5:59 p.m.•113 views

CVE-2015-0333

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-20...

10CVSS9.7AI score0.09331EPSS

CVE•added 2010/10/29 7:0 p.m.•111 views

CVE-2010-3654

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or caus...

9.3CVSS9.7AI score0.9357EPSS

CVE•added 2015/03/13 5:59 p.m.•110 views

CVE-2015-0332

10CVSS9.6AI score0.09331EPSS

CVE•added 2017/12/09 6:29 a.m.•110 views

CVE-2017-11213

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized tr...

10CVSS9.3AI score0.11384EPSS

CVE•added 2008/11/17 10:21 p.m.•107 views

CVE-2008-4824

Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."

9.3CVSS7.5AI score0.32697EPSS

CVE•added 2008/11/10 2:12 p.m.•106 views

CVE-2008-4818

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

4.3CVSS5.4AI score0.09795EPSS

CVE•added 2019/06/12 4:29 p.m.•106 views

CVE-2019-7845

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

8.8CVSS8.8AI score0.10976EPSS

CVE•added 2015/03/13 5:59 p.m.•105 views

CVE-2015-0336

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.

9.3CVSS9.6AI score0.91735EPSS

CVE•added 2008/11/10 2:12 p.m.•104 views

CVE-2008-4821

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

4.3CVSS5.6AI score0.03894EPSS

CVE•added 2015/04/14 10:59 p.m.•104 views

CVE-2015-0359

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.

10CVSS7.5AI score0.88732EPSS

CVE•added 2008/11/10 2:12 p.m.•102 views

CVE-2008-4823

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.

4.3CVSS5.4AI score0.09795EPSS

CVE•added 2015/04/14 10:59 p.m.•102 views

CVE-2015-0346

10CVSS7.5AI score0.88732EPSS

CVE•added 2007/12/20 1:46 a.m.•100 views

CVE-2007-6243

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

9.3CVSS5.4AI score0.46434EPSS

CVE•added 2008/11/10 2:12 p.m.•100 views

CVE-2008-4822

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

6.8CVSS6.3AI score0.12143EPSS

CVE•added 2008/10/17 7:31 p.m.•99 views

CVE-2008-4401

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to creat...

10CVSS6.8AI score0.04524EPSS

CVE•added 2008/08/29 5:41 p.m.•98 views

CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

4.3CVSS6.2AI score0.02617EPSS

CVE•added 2011/08/15 9:55 p.m.•98 views

CVE-2011-2424

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via...

9.3CVSS8.8AI score0.13758EPSS

CVE•added 2014/09/10 1:55 a.m.•97 views

CVE-2014-0559

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compile...

10CVSS7.8AI score0.86438EPSS

CVE•added 2015/08/14 1:59 a.m.•97 views

CVE-2015-5132

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different ...

10CVSS7.7AI score0.71451EPSS

CVE•added 2016/07/13 1:59 a.m.•97 views

CVE-2016-4178

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

4.3CVSS5.8AI score0.01586EPSS

CVE•added 2016/07/13 1:59 a.m.•97 views

CVE-2016-4179

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-20...

9.3CVSS9.3AI score0.36692EPSS

CVE•added 2019/05/24 7:29 p.m.•97 views

CVE-2019-7090

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to ...

6.5CVSS5.7AI score0.01229EPSS

CVE•added 2008/11/10 2:12 p.m.•96 views

CVE-2008-4819

Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

6.8CVSS6.3AI score0.1704EPSS

CVE•added 2010/08/11 6:47 p.m.•96 views

CVE-2010-0209

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.

9.3CVSS9.7AI score0.02297EPSS

CVE•added 2010/06/15 6:0 p.m.•96 views

CVE-2010-2179

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

4.3CVSS7.5AI score0.20428EPSS

CVE•added 2015/08/14 1:59 a.m.•94 views

CVE-2015-5133

10CVSS7.7AI score0.71451EPSS

CVE•added 2017/01/11 4:59 a.m.•94 views

CVE-2017-2930

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.73562EPSS

CVE•added 2010/06/15 6:0 p.m.•93 views

CVE-2010-2188

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

9.3CVSS9.9AI score0.01631EPSS

Web

CVE•added 2011/06/16 11:55 p.m.•93 views

CVE-2011-2110

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.

10CVSS8.9AI score0.9143EPSS

Web

CVE•added 2014/04/29 10:37 a.m.•93 views

CVE-2014-0515

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

10CVSS7.9AI score0.92952EPSS

CVE•added 2018/11/29 8:29 p.m.•93 views

CVE-2018-15981

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.4AI score0.31047EPSS

CVE•added 2018/02/06 9:29 p.m.•93 views

CVE-2018-4877

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

10CVSS9.5AI score0.05038EPSS

CVE•added 2014/05/14 11:13 a.m.•92 views

CVE-2014-0516

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5CVSS6.5AI score0.01299EPSS

CVE•added 2014/07/09 5:4 a.m.•92 views

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows re...

4.3CVSS6.5AI score0.35827EPSS

Web

CVE•added 2015/04/14 10:59 p.m.•92 views

CVE-2015-3044

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

5CVSS5.9AI score0.03733EPSS

CVE•added 2017/03/14 4:59 p.m.•92 views

CVE-2017-2997

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.01533EPSS

CVE•added 2012/04/06 8:55 p.m.•91 views

CVE-2012-0724

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.

9.3CVSS7AI score0.01005EPSS

CVE•added 2013/11/13 1:55 a.m.•91 views

CVE-2013-5329

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause ...

10CVSS7.9AI score0.11531EPSS

CVE•added 2016/06/16 2:59 p.m.•91 views

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

10CVSS9.1AI score0.65184EPSS

CVE•added 2017/05/09 4:29 p.m.•91 views

CVE-2017-3068

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.381EPSS

CVE•added 2016/10/13 7:59 p.m.•90 views

CVE-2016-4273

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-20...

9.3CVSS9AI score0.24562EPSS

CVE•added 2017/05/09 4:29 p.m.•90 views

CVE-2017-3073

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.01768EPSS

CVE•added 2007/08/14 12:17 a.m.•89 views

CVE-2007-4324

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, th...

5CVSS6.4AI score0.26086EPSS

CVE•added 2016/06/16 2:59 p.m.•89 views

CVE-2016-4137

9.3CVSS8.9AI score0.4017EPSS

CVE•added 2019/05/22 7:29 p.m.•89 views

CVE-2019-7837

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.01421EPSS

CVE•added 2016/07/13 2:0 a.m.•88 views

CVE-2016-4238

9.3CVSS9.3AI score0.36692EPSS

Total number of security vulnerabilities1067