Flash Player Security Vulnerabilities and Issues — Flash Player CVE List

Lucene search

AdobeFlash Player

456 matches found

CVE•added 2018/02/06 9:29 p.m.•1427 views

CVE-2018-4878

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the w...

9.8CVSS8.8AI score0.93436EPSS

CVE•added 2016/11/01 10:59 p.m.•1092 views

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

9.3CVSS9AI score0.46889EPSS

CVE•added 2012/06/09 12:55 a.m.•1058 views

CVE-2012-2034

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.25628EPSS

CVE•added 2011/03/15 5:55 p.m.•1048 views

CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windo...

9.3CVSS8.9AI score0.92398EPSS

CVE•added 2012/02/16 7:55 p.m.•1041 views

CVE-2012-0754

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vect...

9.3CVSS7.6AI score0.93101EPSS

CVE•added 2010/06/08 6:30 p.m.•995 views

CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SW...

9.3CVSS9.7AI score0.93537EPSS

CVE•added 2016/03/12 3:59 p.m.•978 views

CVE-2016-1010

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary c...

9.3CVSS9AI score0.28792EPSS

CVE•added 2009/07/23 8:30 p.m.•977 views

CVE-2009-1862

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or...

9.3CVSS7.8AI score0.57995EPSS

CVE•added 2011/04/13 2:55 p.m.•975 views

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x be...

9.3CVSS8.8AI score0.93736EPSS

CVE•added 2015/12/28 11:59 p.m.•974 views

CVE-2015-8651

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code ...

9.3CVSS9.6AI score0.89783EPSS

CVE•added 2016/02/10 8:59 p.m.•967 views

CVE-2016-0984

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arb...

9.3CVSS8.9AI score0.68375EPSS

CVE•added 2012/08/15 10:31 a.m.•965 views

CVE-2012-1535

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF c...

9.3CVSS7.7AI score0.923EPSS

CVE•added 2015/10/15 10:59 a.m.•961 views

CVE-2015-7645

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

9.3CVSS8.7AI score0.84843EPSS

CVE•added 2012/09/24 5:55 p.m.•949 views

CVE-2012-5054

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

9.3CVSS7.8AI score0.70117EPSS

CVE•added 2016/12/15 6:59 a.m.•856 views

CVE-2016-7892

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.18919EPSS

CVE•added 2012/06/09 12:55 a.m.•269 views

CVE-2012-2037

9.3CVSS7.6AI score0.25628EPSS

CVE•added 2016/02/10 8:59 p.m.•192 views

CVE-2016-0974

9.3CVSS8.9AI score0.68375EPSS

CVE•added 2016/03/12 3:59 p.m.•187 views

CVE-2016-0963

9.3CVSS9AI score0.28792EPSS

CVE•added 2013/02/08 11:58 a.m.•184 views

CVE-2013-0634

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial ...

9.3CVSS7.7AI score0.90415EPSS

CVE•added 2016/02/10 8:59 p.m.•183 views

CVE-2016-0983

9.3CVSS8.9AI score0.68375EPSS

CVE•added 2016/02/10 8:59 p.m.•181 views

CVE-2016-0982

9.3CVSS8.9AI score0.68375EPSS

CVE•added 2020/10/14 2:15 p.m.•178 views

CVE-2020-9746

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default del...

9.3CVSS7.9AI score0.01029EPSS

CVE•added 2016/02/10 8:59 p.m.•176 views

CVE-2016-0973

Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20...

9.3CVSS8.8AI score0.68375EPSS

CVE•added 2016/04/09 1:59 a.m.•174 views

CVE-2016-1015

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-...

9.3CVSS9.6AI score0.8005EPSS

CVE•added 2016/03/12 3:59 p.m.•162 views

CVE-2016-0993

9.3CVSS9AI score0.28792EPSS

CVE•added 2016/02/10 8:59 p.m.•160 views

CVE-2016-0975

Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allo...

9.3CVSS8.8AI score0.68375EPSS

CVE•added 2012/03/28 7:55 p.m.•159 views

CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to ex...

9.3CVSS7.5AI score0.01232EPSS

CVE•added 2012/06/09 12:55 a.m.•154 views

CVE-2012-2036

Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attacker...

9.3CVSS7.7AI score0.0447EPSS

CVE•added 2013/12/11 3:55 p.m.•153 views

CVE-2013-5331

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code vi...

9.3CVSS7.6AI score0.87693EPSS

CVE•added 2012/05/04 7:55 p.m.•147 views

CVE-2012-0779

Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as...

9.3CVSS7.5AI score0.90067EPSS

CVE•added 2012/06/09 12:55 a.m.•147 views

CVE-2012-2035

Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allo...

9.3CVSS7.9AI score0.03472EPSS

CVE•added 2012/02/16 7:55 p.m.•145 views

CVE-2012-0752

9.3CVSS7.6AI score0.06419EPSS

CVE•added 2013/02/27 12:55 a.m.•145 views

CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SW...

9.3CVSS7.6AI score0.36931EPSS

CVE•added 2012/06/09 12:55 a.m.•140 views

CVE-2012-2039

9.3CVSS7.6AI score0.03866EPSS

CVE•added 2020/02/13 4:15 p.m.•138 views

CVE-2020-3757

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.05414EPSS

CVE•added 2012/02/16 7:55 p.m.•133 views

CVE-2012-0753

9.3CVSS7.6AI score0.0211EPSS

CVE•added 2012/02/16 7:55 p.m.•126 views

CVE-2012-0756

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than ...

9.3CVSS6.3AI score0.05025EPSS

CVE•added 2015/01/28 10:59 p.m.•114 views

CVE-2015-0312

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

9.3CVSS7.5AI score0.06261EPSS

CVE•added 2010/10/29 7:0 p.m.•109 views

CVE-2010-3654

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or caus...

9.3CVSS9.7AI score0.93527EPSS

CVE•added 2015/03/13 5:59 p.m.•103 views

CVE-2015-0336

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.

9.3CVSS9.6AI score0.91735EPSS

CVE•added 2008/11/17 10:21 p.m.•100 views

CVE-2008-4824

Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."

9.3CVSS7.5AI score0.28199EPSS

CVE•added 2007/12/20 1:46 a.m.•95 views

CVE-2007-6243

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

9.3CVSS5.4AI score0.46434EPSS

CVE•added 2010/08/11 6:47 p.m.•94 views

CVE-2010-0209

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.

9.3CVSS9.7AI score0.02297EPSS

CVE•added 2016/07/13 1:59 a.m.•94 views

CVE-2016-4179

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-20...

9.3CVSS9.3AI score0.44744EPSS

CVE•added 2011/08/15 9:55 p.m.•93 views

CVE-2011-2424

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via...

9.3CVSS8.8AI score0.13758EPSS

CVE•added 2017/01/11 4:59 a.m.•91 views

CVE-2017-2930

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.73562EPSS

CVE•added 2012/04/06 8:55 p.m.•90 views

CVE-2012-0724

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.

9.3CVSS7AI score0.01005EPSS

CVE•added 2017/03/14 4:59 p.m.•89 views

CVE-2017-2997

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.01533EPSS

CVE•added 2010/06/15 6:0 p.m.•88 views

CVE-2010-2188

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

9.3CVSS9.9AI score0.01631EPSS

CVE•added 2016/06/16 2:59 p.m.•87 views

CVE-2016-4137

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.4017EPSS

Total number of security vulnerabilities456