Flashplayer

CVEs (1,033)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2013-0643	Red Hat Enterprise Linux Desktop	Hig	0.74	8.8	0.59	KEV	Feb 27, 2013	The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary…
CVE-2012-1535	Red Hat Enterprise Linux Desktop	Hig	0.73	7.8	0.92	KEV	Aug 15, 2012	Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in…
CVE-2011-0609	Adobe Inc. Acrobat Reader	Hig	0.73	7.8	0.92	KEV	Mar 15, 2011	Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x…
CVE-2010-1297	Adobe Inc. Acrobat	Hig	0.73	7.8	0.93	KEV	Jun 8, 2010	Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2017-11281	Adobe Inc. Flashplayer	Cri	0.72	9.8	0.61		Dec 1, 2017	Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11292	Red Hat Enterprise Linux Desktop	Hig	0.72	8.8	0.35	KEV	Oct 22, 2017	Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…
CVE-2017-3078	Adobe Inc. Flashplayer	Cri	0.72	9.8	0.70		Jun 20, 2017	Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
CVE-2016-4138	Red Hat Enterprise Linux Desktop	Cri	0.72	9.8	0.61		Jun 16, 2016	Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-8439	Adobe Inc. Air	Hig	0.72	8.8	0.34	KEV	Nov 25, 2014	Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code…
CVE-2017-3077	Adobe Inc. Flashplayer	Cri	0.71	9.8	0.54		Jun 20, 2017	Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3076	Adobe Inc. Flashplayer	Cri	0.71	9.8	0.54		Jun 20, 2017	Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3061	Adobe Inc. Flashplayer	Cri	0.71	9.8	0.54		Apr 12, 2017	Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7892	Adobe Inc. Flash Player Desktop Runtime	Hig	0.71	8.8	0.22	KEV	Dec 15, 2016	Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVE-2016-1010	Adobe Inc. Air	Hig	0.70	8.8	0.13	KEV	Mar 12, 2016	Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to…
CVE-2017-11282	Adobe Inc. Flashplayer	Cri	0.68	9.8	0.21		Dec 1, 2017	Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-2930	GNU Flash Player	Hig	0.67	8.8	0.82		Jan 11, 2017	Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
CVE-2009-1862	Adobe Inc. Acrobat Reader	Hig	0.67	7.8	0.59	KEV	Jul 23, 2009	Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash…
CVE-2017-3068	Red Hat Enterprise Linux	Hig	0.66	8.8	0.68		May 9, 2017	Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2935	Adobe Inc. Flashplayer	Hig	0.66	8.8	0.69		Jan 11, 2017	Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2934	Adobe Inc. Flashplayer	Hig	0.66	8.8	0.69		Jan 11, 2017	Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.

CVE-2013-0643HigKEVFeb 27, 2013
Red Hat
Enterprise Linux Desktop
risk 0.74cvss 8.8epss 0.59
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary…
CVE-2012-1535HigKEVAug 15, 2012
Red Hat
Enterprise Linux Desktop
risk 0.73cvss 7.8epss 0.92
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in…
CVE-2011-0609HigKEVMar 15, 2011
Adobe Inc.
Acrobat Reader
risk 0.73cvss 7.8epss 0.92
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x…
CVE-2010-1297HigKEVJun 8, 2010
Adobe Inc.
Acrobat
risk 0.73cvss 7.8epss 0.93
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2017-11281CriDec 1, 2017
Adobe Inc.
Flashplayer
risk 0.72cvss 9.8epss 0.61
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11292HigKEVOct 22, 2017
Red Hat
Enterprise Linux Desktop
risk 0.72cvss 8.8epss 0.35
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…
CVE-2017-3078CriJun 20, 2017
Adobe Inc.
Flashplayer
risk 0.72cvss 9.8epss 0.70
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
CVE-2016-4138CriJun 16, 2016
Red Hat
Enterprise Linux Desktop
risk 0.72cvss 9.8epss 0.61
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-8439HigKEVNov 25, 2014
Adobe Inc.
Air
risk 0.72cvss 8.8epss 0.34
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code…
CVE-2017-3077CriJun 20, 2017
Adobe Inc.
Flashplayer
risk 0.71cvss 9.8epss 0.54
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3076CriJun 20, 2017
Adobe Inc.
Flashplayer
risk 0.71cvss 9.8epss 0.54
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3061CriApr 12, 2017
Adobe Inc.
Flashplayer
risk 0.71cvss 9.8epss 0.54
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7892HigKEVDec 15, 2016
Adobe Inc.
Flash Player Desktop Runtime
risk 0.71cvss 8.8epss 0.22
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVE-2016-1010HigKEVMar 12, 2016
Adobe Inc.
Air
risk 0.70cvss 8.8epss 0.13
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to…
CVE-2017-11282CriDec 1, 2017
Adobe Inc.
Flashplayer
risk 0.68cvss 9.8epss 0.21
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-2930HigJan 11, 2017
GNU
Flash Player
risk 0.67cvss 8.8epss 0.82
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
CVE-2009-1862HigKEVJul 23, 2009
Adobe Inc.
Acrobat Reader
risk 0.67cvss 7.8epss 0.59
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash…
CVE-2017-3068HigMay 9, 2017
Red Hat
Enterprise Linux
risk 0.66cvss 8.8epss 0.68
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2935HigJan 11, 2017
Adobe Inc.
Flashplayer
risk 0.66cvss 8.8epss 0.69
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2934HigJan 11, 2017
Adobe Inc.
Flashplayer
risk 0.66cvss 8.8epss 0.69
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.

Page 2 of 52