Flash Player Security Vulnerabilities and Issues — Flash Player CVE List

Lucene search

AdobeFlash Player

10 matches found

CVE•added 2007/12/20 1:46 a.m.•99 views

CVE-2007-6243

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

9.3CVSS5.4AI score0.46434EPSS

CVE•added 2007/08/14 12:17 a.m.•88 views

CVE-2007-4324

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, th...

5CVSS6.4AI score0.26086EPSS

CVE•added 2007/07/11 4:30 p.m.•61 views

CVE-2007-3456

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of v...

9.3CVSS8AI score0.76622EPSS

CVE•added 2007/12/20 1:46 a.m.•58 views

CVE-2007-6244

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player A...

4.3CVSS5.5AI score0.58426EPSS

Web

CVE•added 2007/12/20 1:46 a.m.•57 views

CVE-2007-6242

Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."

6.8CVSS7.4AI score0.57674EPSS

CVE•added 2007/04/13 6:19 p.m.•56 views

CVE-2007-2022

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

6.8CVSS5.9AI score0.15365EPSS

CVE•added 2007/12/20 1:46 a.m.•56 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.

5.8CVSS6.4AI score0.27062EPSS

CVE•added 2007/12/20 1:46 a.m.•52 views

CVE-2007-6246

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.

4.4CVSS6.3AI score0.00254EPSS

CVE•added 2007/10/18 12:17 a.m.•51 views

CVE-2007-5476

Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

10CVSS9.4AI score0.20643EPSS

CVE•added 2007/07/11 4:30 p.m.•50 views

CVE-2007-3457

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.

4.3CVSS6.3AI score0.07197EPSS