Flash Player Security Vulnerabilities and Issues — Flash Player CVE List

Lucene search

AdobeFlash Player

29 matches found

CVE•added 2012/02/16 7:55 p.m.•1019 views

CVE-2012-0767

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via u...

6.1CVSS5AI score0.16382EPSS

CVE•added 2008/11/10 2:12 p.m.•95 views

CVE-2008-4822

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

6.8CVSS6.3AI score0.07757EPSS

CVE•added 2019/05/24 7:29 p.m.•95 views

CVE-2019-7090

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to ...

6.5CVSS5.7AI score0.01229EPSS

CVE•added 2008/11/10 2:12 p.m.•91 views

CVE-2008-4819

Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

6.8CVSS6.3AI score0.11166EPSS

CVE•added 2017/03/14 4:59 p.m.•80 views

CVE-2017-3000

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.26283EPSS

CVE•added 2017/07/17 1:18 p.m.•78 views

CVE-2017-3080

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

6.5CVSS6.9AI score0.03071EPSS

CVE•added 2018/07/09 7:29 p.m.•77 views

CVE-2018-5001

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.7AI score0.01364EPSS

CVE•added 2010/02/15 6:30 p.m.•76 views

CVE-2010-0186

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

6.8CVSS7.4AI score0.02923EPSS

CVE•added 2015/05/13 11:0 a.m.•76 views

CVE-2015-3085

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on f...

6.4CVSS6.6AI score0.22506EPSS

CVE•added 2017/01/11 4:59 a.m.•76 views

CVE-2017-2938

Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.

6.5CVSS7.2AI score0.0103EPSS

CVE•added 2016/09/14 6:59 p.m.•73 views

CVE-2016-4271

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-20...

6.5CVSS7.2AI score0.01676EPSS

CVE•added 2017/12/13 9:29 p.m.•73 views

CVE-2017-11305

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

6.5CVSS6.4AI score0.0247EPSS

CVE•added 2016/09/14 6:59 p.m.•72 views

CVE-2016-4277

6.5CVSS7.1AI score0.01676EPSS

CVE•added 2016/09/14 6:59 p.m.•71 views

CVE-2016-4278

6.5CVSS7.1AI score0.01676EPSS

CVE•added 2017/07/17 1:18 p.m.•71 views

CVE-2017-3100

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

6.5CVSS7.2AI score0.01881EPSS

CVE•added 2018/07/09 7:29 p.m.•70 views

CVE-2018-5000

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.01114EPSS

CVE•added 2015/05/13 11:0 a.m.•68 views

CVE-2015-3083

6.4CVSS6.6AI score0.22506EPSS

CVE•added 2011/08/10 10:55 p.m.•65 views

CVE-2011-2139

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecif...

6.4CVSS8.3AI score0.02879EPSS

CVE•added 2015/05/13 11:0 a.m.•65 views

CVE-2015-3082

6.4CVSS6.6AI score0.22506EPSS

CVE•added 2015/06/10 1:59 a.m.•65 views

CVE-2015-3096

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

6.8CVSS6.5AI score0.00423EPSS

CVE•added 2018/05/19 5:29 p.m.•63 views

CVE-2018-4936

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.23845EPSS

CVE•added 2008/10/09 6:0 p.m.•61 views

CVE-2008-4503

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

6.8CVSS6.3AI score0.04555EPSS

CVE•added 2018/05/19 5:29 p.m.•60 views

CVE-2018-4933

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.03592EPSS

CVE•added 2018/05/19 5:29 p.m.•59 views

CVE-2018-4934

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.19016EPSS

CVE•added 2006/09/12 11:7 p.m.•58 views

CVE-2006-4640

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

6.8CVSS6.3AI score0.29973EPSS

CVE•added 2014/03/12 5:15 a.m.•58 views

CVE-2014-0503

Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

6.4CVSS6.6AI score0.00502EPSS

CVE•added 2011/02/10 4:0 p.m.•55 views

CVE-2011-0575

Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9CVSS8.2AI score0.00137EPSS

CVE•added 2007/04/13 6:19 p.m.•54 views

CVE-2007-2022

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

6.8CVSS5.9AI score0.15365EPSS

CVE•added 2007/12/20 1:46 a.m.•53 views

CVE-2007-6242

Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."

6.8CVSS7.4AI score0.60627EPSS