Flex Security Vulnerabilities and Issues — Flex CVE List

AdobeFlex

15 matches found

CVE•added 2009/02/26 4:0 p.m.•94 views

CVE-2009-0114

CVE-2009-0114 is an Adobe Flash Player vulnerability affecting Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 (and possibly other versions). The issue is described as an unspecified vulnerability in the Settings Manager that could allow a remote attacker to trick a user into visitin...

5.8CVSS7.4AI score0.03847EPSS

CVE•added 2009/02/26 4:0 p.m.•94 views

CVE-2009-0520

CVE-2009-0520 affects Adobe Flash Player 9.x prior to 9.0.159.0 and 10.x prior to 10.0.22.87. The issue arises when Flash processing SWF content fails to properly remove references to destroyed objects, enabling remote code execution via a crafted SWF file (buffer overflow-related). Public adviso...

9.3CVSS7.8AI score0.28484EPSS

CVE•added 2009/02/26 4:0 p.m.•88 views

CVE-2009-0519

CVE-2009-0519 is a vulnerability in Adobe Flash Player 9.x (before 9.0.159.0) and Flash Player 10.x (before 10.0.22.87) that could be triggered by a crafted Shockwave Flash (.swf) file, potentially causing a browser crash or remote code execution. The issue is described across multiple advisories...

9.3CVSS7.9AI score0.14764EPSS

CVE•added 2009/07/31 7:0 p.m.•81 views

CVE-2009-1864

CVE-2009-1864 is a heap-based buffer overflow in Adobe Flash Player (pre-9.0.246.0 and in the 10.x line prior to 10.0.32.18) and Adobe AIR before 1.5.2 that can crash the application or possibly allow arbitrary code execution via unspecified vectors. Affected components include Flash Player and A...

9.3CVSS8.1AI score0.07301EPSS

CVE•added 2009/07/31 7:0 p.m.•81 views

CVE-2009-1867

CVE-2009-1867: Adobe Flash Player (before 9.0.246.0 and before 10.0.32.18 for 10.x) and Adobe AIR before 1.5.2 are affected by a clickjacking vulnerability. The issue can trick a user into (1) selecting a link or (2) completing a dialog. Remediation is to update Flash Player to a newer version (e...

4.3CVSS7.3AI score0.0393EPSS

CVE•added 2009/07/31 7:0 p.m.•81 views

CVE-2009-1868

CVE-2009-1868 describes a heap-based buffer overflow in Adobe Flash Player (before 9.0.246.0 and in 10.x before 10.0.32.18) and Adobe AIR (before 1.5.2) that can allow a denial of service or possibly arbitrary code execution via unspecified vectors involving URL parsing. Connected advisories note...

9.3CVSS8.1AI score0.21442EPSS

CVE•added 2009/07/31 7:0 p.m.•77 views

CVE-2009-1863

CVE-2009-1863 refers to an unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and in 10.x before 10.0.32.18, and in Adobe AIR before 1.5.2. It can cause a denial of service (application crash) and may allow arbitrary code execution via unknown vectors, with a note of related privile...

9.3CVSS8AI score0.06033EPSS

CVE•added 2009/07/31 7:0 p.m.•77 views

CVE-2009-1865

CVE-2009-1865 affects Adobe Flash Player prior to 9.0.246.0, Flash Player for 10.x prior to 10.0.32.18, and Adobe AIR prior to 1.5.2, via a null pointer vulnerability that could cause application crash and potentially allow arbitrary code execution. The connected advisories indicate a Flash Playe...

9.3CVSS8AI score0.06033EPSS

CVE•added 2008/04/09 9:0 p.m.•76 views

CVE-2007-6019

CVE-2007-6019 affects Adobe Flash Player 9.0.115.0 and earlier (and 8.0.39.0 and earlier). The vulnerability arises from a modified DeclareFunction2 Actionscript tag that can prevent object instantiation, enabling remote arbitrary-code execution when a crafted SWF is processed. Remediation mentio...

9.3CVSS7.4AI score0.5977EPSS

CVE•added 2009/07/31 7:0 p.m.•75 views

CVE-2009-1866

The CVE-2009-1866 entry describes a stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and in Flash Player 10.x before 10.0.32.18, plus Adobe AIR before 1.5.2, that could cause a denial of service (crash) or possibly allow arbitrary code execution via unspecified vectors. The conn...

9.3CVSS8.1AI score0.07301EPSS

CVE•added 2009/07/31 7:0 p.m.•73 views

CVE-2009-1869

CVE-2009-1869 describes an integer overflow in the ActionScript VM 2 (AVM2) abcFile parser in Adobe Flash Player, exploitable via a large intrf_count value that can dereference an out-of-bounds pointer. Affected: Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2...

9.3CVSS8AI score0.19698EPSS

CVE•added 2008/04/09 9:0 p.m.•72 views

CVE-2008-1655

CVE-2008-1655 refers to a DNS rebinding vulnerability in Adobe Flash Player 9.0.115.0 and earlier (and 8.0.39.0 and earlier) that could be exploited remotely via unspecified vectors. Open-source advisories and Red Hat/OSS reports corroborate that this issue was addressed by updating Flash Player ...

4.3CVSS6.3AI score0.04903EPSS

CVE•added 2009/07/31 7:0 p.m.•71 views

CVE-2009-1870

CVE-2009-1870 is a local sandbox vulnerability in Adobe Flash Player (affecting Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2) that could disclose sensitive information when a SWF is saved to the user’s hard drive. Connected advisories confirm Red Hat and ot...

4.9CVSS7.1AI score0.00773EPSS

CVE•added 2009/02/26 4:0 p.m.•70 views

CVE-2009-0522

CVE-2009-0522 affects Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows, where an attacker could trick a user into visiting an arbitrary URL via manipulation of the mouse pointer display (a clickjacking-like issue). Multiple connected sources corroborate the Windows-sp...

4.3CVSS6.8AI score0.02701EPSS

CVE•added 2008/06/18 7:29 p.m.•68 views

CVE-2008-2640

CVE-2008-2640 concerns cross-site scripting in Adobe Flex 3 History Management. The vulnerability lies in historyFrame.html (used by Flex 3.0.1 SDK and Flex Builder 3 and generated applications) where user-supplied values are not properly filtered in the anchor identifier, enabling remote attacke...

4.3CVSS5.8AI score0.02674EPSS

Web