Flash Player Security Vulnerabilities and Issues — Flash Player CVE List

CVE•added 2016/05/11 1:59 a.m.•1024 views

CVE-2016-4117

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

10CVSS9.8AI score0.92777EPSS

CVE•added 2016/04/07 10:59 a.m.•1021 views

CVE-2016-1019

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

10CVSS9.7AI score0.76278EPSS

CVE•added 2016/03/12 3:59 p.m.•1009 views

CVE-2016-1010

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary c...

9.3CVSS9AI score0.31545EPSS

CVE•added 2016/02/10 8:59 p.m.•998 views

CVE-2016-0984

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arb...

CVE•added 2016/06/16 2:59 p.m.•886 views

CVE-2016-4171

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

10CVSS9.6AI score0.23581EPSS

CVE•added 2016/12/15 6:59 a.m.•859 views

CVE-2016-7892

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.23358EPSS

CVE•added 2016/02/10 8:59 p.m.•222 views

CVE-2016-0974

CVE•added 2016/03/12 3:59 p.m.•218 views

CVE-2016-0963

9.3CVSS9AI score0.31545EPSS

CVE•added 2016/02/10 8:59 p.m.•215 views

CVE-2016-0983

CVE•added 2016/02/10 8:59 p.m.•212 views

CVE-2016-0982

CVE•added 2016/02/10 8:59 p.m.•207 views

CVE-2016-0973

Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20...

9.3CVSS8.8AI score0.7297EPSS

CVE•added 2016/04/09 1:59 a.m.•206 views

CVE-2016-1015

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-...

9.3CVSS9.6AI score0.76278EPSS

CVE•added 2016/03/12 3:59 p.m.•194 views

CVE-2016-0993

9.3CVSS9AI score0.31545EPSS

CVE•added 2016/02/10 8:59 p.m.•192 views

CVE-2016-0975

Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allo...

9.3CVSS8.8AI score0.7297EPSS

CVE•added 2016/07/13 1:59 a.m.•97 views

CVE-2016-4178

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

4.3CVSS5.8AI score0.01586EPSS

CVE•added 2016/07/13 1:59 a.m.•97 views

CVE-2016-4179

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-20...

9.3CVSS9.3AI score0.36692EPSS

CVE•added 2016/06/16 2:59 p.m.•91 views

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

10CVSS9.1AI score0.65184EPSS

Web

CVE•added 2016/10/13 7:59 p.m.•91 views

CVE-2016-4273

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-20...

CVE•added 2016/06/16 2:59 p.m.•89 views

CVE-2016-4137

9.3CVSS8.9AI score0.4017EPSS

Web

CVE•added 2016/07/13 2:0 a.m.•88 views

CVE-2016-4238

9.3CVSS9.3AI score0.36692EPSS

CVE•added 2016/11/08 5:59 p.m.•86 views

CVE-2016-7865

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.11156EPSS

CVE•added 2016/06/16 2:59 p.m.•85 views

CVE-2016-4149

9.3CVSS8.9AI score0.02953EPSS

CVE•added 2016/09/14 6:59 p.m.•85 views

CVE-2016-6926

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016...

CVE•added 2016/07/13 1:59 a.m.•84 views

CVE-2016-4175

9.3CVSS9.3AI score0.36692EPSS

CVE•added 2016/07/13 2:0 a.m.•84 views

CVE-2016-4229

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016...

9.3CVSS9AI score0.6341EPSS

CVE•added 2016/11/08 5:59 p.m.•84 views

CVE-2016-7859

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS

CVE•added 2016/10/13 7:59 p.m.•83 views

CVE-2016-6986

CVE•added 2016/09/14 6:59 p.m.•82 views

CVE-2016-4272

CVE•added 2016/09/14 6:59 p.m.•82 views

CVE-2016-4284

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-20...

9.3CVSS9.1AI score0.26034EPSS

CVE•added 2016/09/14 6:59 p.m.•82 views

CVE-2016-4285

9.3CVSS9.1AI score0.26034EPSS

CVE•added 2016/06/16 2:59 p.m.•81 views

CVE-2016-4152

9.3CVSS8.9AI score0.04131EPSS

CVE•added 2016/09/14 6:59 p.m.•81 views

CVE-2016-6929

CVE•added 2016/09/14 6:59 p.m.•81 views

CVE-2016-6930

CVE•added 2016/10/13 7:59 p.m.•81 views

CVE-2016-6985

CVE•added 2016/10/13 8:0 p.m.•81 views

CVE-2016-6992

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."

9.3CVSS8.9AI score0.08851EPSS

CVE•added 2016/11/08 5:59 p.m.•81 views

CVE-2016-7857

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS

CVE•added 2016/05/11 11:0 a.m.•80 views

CVE-2016-1098

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

7.6CVSS8.3AI score0.15468EPSS

CVE•added 2016/06/16 2:59 p.m.•80 views

CVE-2016-4150

9.3CVSS8.9AI score0.04131EPSS

CVE•added 2016/07/13 2:0 a.m.•80 views

CVE-2016-4222

8.8CVSS9AI score0.6341EPSS

CVE•added 2016/09/14 6:59 p.m.•80 views

CVE-2016-6927

CVE•added 2016/09/14 6:59 p.m.•80 views

CVE-2016-6931

CVE•added 2016/10/13 8:0 p.m.•80 views

CVE-2016-6989

CVE•added 2016/03/12 3:59 p.m.•79 views

CVE-2016-0960

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial...

9.3CVSS9AI score0.53031EPSS

CVE•added 2016/05/11 11:0 a.m.•79 views

CVE-2016-1102

7.6CVSS8.3AI score0.39664EPSS

Web

CVE•added 2016/06/16 2:59 p.m.•79 views

CVE-2016-4153

9.3CVSS8.9AI score0.04131EPSS

CVE•added 2016/09/14 6:59 p.m.•79 views

CVE-2016-4279

CVE•added 2016/09/14 6:59 p.m.•79 views

CVE-2016-6921