Flashplayer

CVEs (1,033)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2007-6637	Adobe Inc. Flashplayer	0.03	—	0.38	Jan 4, 2008	Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector…
CVE-2007-6243	Adobe Inc. Flashplayer	0.03	—	0.39	Dec 20, 2007	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2006-4640	Adobe Inc. Flashplayer	0.03	—	0.34	Sep 12, 2006	Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
CVE-2018-15981	Adobe Inc. Flashplayer	0.02	—	0.24	Nov 29, 2018	Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2015-7630	GNU Flash Player	0.02	—	0.21	Oct 15, 2015	Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…
CVE-2015-7629	GNU Flash Player	0.02	—	0.20	Oct 15, 2015	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to…
CVE-2014-0582	GNU Flash Player	0.02	—	0.23	Nov 11, 2014	Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows…
CVE-2014-0559	GNU Flash Player	0.02	—	0.19	Sep 10, 2014	Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and…
CVE-2014-0510	GNU Flash Player	0.02	—	0.19	Mar 27, 2014	Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.
CVE-2014-0506	GNU Flash Player	0.02	—	0.20	Mar 27, 2014	Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before…
CVE-2012-0772	Adobe Inc. Air	0.02	—	0.20	Mar 28, 2012	An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service…
CVE-2010-2179	Adobe Inc. Air	0.02	—	0.22	Jun 15, 2010	Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL…
CVE-2009-3794	Adobe Inc. Air	0.02	—	0.21	Dec 10, 2009	Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
CVE-2008-4822	Adobe Inc. Flashplayer	0.02	—	0.21	Nov 10, 2008	Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
CVE-2008-4819	Adobe Inc. Flashplayer	0.02	—	0.29	Nov 10, 2008	Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
CVE-2008-4473	Adobe Inc. Flashplayer	0.02	—	0.27	Oct 17, 2008	Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
CVE-2008-1655	Adobe Inc. Air	0.02	—	0.27	Apr 9, 2008	Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
CVE-2008-1654	Adobe Inc. Flash	0.02	—	0.28	Apr 2, 2008	Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated…
CVE-2007-6245	Adobe Inc. Flashplayer	0.02	—	0.22	Dec 20, 2007	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
CVE-2007-5476	Opera Opera Browser	0.02	—	0.21	Oct 18, 2007	Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

CVE-2007-6637Jan 4, 2008
Adobe Inc.
Flashplayer
risk 0.03cvss —epss 0.38
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector…
CVE-2007-6243Dec 20, 2007
Adobe Inc.
Flashplayer
risk 0.03cvss —epss 0.39
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2006-4640Sep 12, 2006
Adobe Inc.
Flashplayer
risk 0.03cvss —epss 0.34
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
CVE-2018-15981Nov 29, 2018
Adobe Inc.
Flashplayer
risk 0.02cvss —epss 0.24
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2015-7630Oct 15, 2015
GNU
Flash Player
risk 0.02cvss —epss 0.21
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…
CVE-2015-7629Oct 15, 2015
GNU
Flash Player
risk 0.02cvss —epss 0.20
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to…
CVE-2014-0582Nov 11, 2014
GNU
Flash Player
risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows…
CVE-2014-0559Sep 10, 2014
GNU
Flash Player
risk 0.02cvss —epss 0.19
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and…
CVE-2014-0510Mar 27, 2014
GNU
Flash Player
risk 0.02cvss —epss 0.19
Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.
CVE-2014-0506Mar 27, 2014
GNU
Flash Player
risk 0.02cvss —epss 0.20
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before…
CVE-2012-0772Mar 28, 2012
Adobe Inc.
Air
risk 0.02cvss —epss 0.20
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service…
CVE-2010-2179Jun 15, 2010
Adobe Inc.
Air
risk 0.02cvss —epss 0.22
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL…
CVE-2009-3794Dec 10, 2009
Adobe Inc.
Air
risk 0.02cvss —epss 0.21
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
CVE-2008-4822Nov 10, 2008
Adobe Inc.
Flashplayer
risk 0.02cvss —epss 0.21
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
CVE-2008-4819Nov 10, 2008
Adobe Inc.
Flashplayer
risk 0.02cvss —epss 0.29
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
CVE-2008-4473Oct 17, 2008
Adobe Inc.
Flashplayer
risk 0.02cvss —epss 0.27
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
CVE-2008-1655Apr 9, 2008
Adobe Inc.
Air
risk 0.02cvss —epss 0.27
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
CVE-2008-1654Apr 2, 2008
Adobe Inc.
Flash
risk 0.02cvss —epss 0.28
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated…
CVE-2007-6245Dec 20, 2007
Adobe Inc.
Flashplayer
risk 0.02cvss —epss 0.22
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
CVE-2007-5476Oct 18, 2007
Opera
Opera Browser
risk 0.02cvss —epss 0.21
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

Page 24 of 52