Vulnerabilities (CVE)

Filtered by vendor Adobe Subscribe
Filtered by product Flash Player
Total 1084 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0497 8 Adobe, Apple, Google and 5 more 14 Flash Player, Mac Os X, Macos and 11 more 2024-09-19 10.0 HIGH 9.8 CRITICAL
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-0502 8 Adobe, Apple, Google and 5 more 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more 2024-09-19 10.0 HIGH 8.8 HIGH
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CVE-2013-0648 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2024-09-19 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0643 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2024-09-19 9.3 HIGH 8.8 HIGH
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2011-0611 8 Adobe, Apple, Google and 5 more 13 Acrobat, Acrobat Reader, Adobe Air and 10 more 2024-08-13 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVE-2012-1535 7 Adobe, Apple, Linux and 4 more 9 Flash Player, Mac Os X, Linux Kernel and 6 more 2024-07-16 9.3 HIGH 7.8 HIGH
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVE-2015-3043 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
CVE-2016-4117 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Opensuse and 6 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 13 Flash Player, Mac Os X, Linux Kernel and 10 more 2024-07-16 9.3 HIGH 7.8 HIGH
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVE-2015-5119 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more 2024-07-02 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2015-5123 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more 2024-07-02 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-3113 8 Adobe, Apple, Hp and 5 more 18 Flash Player, Mac Os X, Insight Orchestration and 15 more 2024-07-02 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
CVE-2015-0311 5 Adobe, Apple, Linux and 2 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2024-07-02 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
CVE-2015-0313 6 Adobe, Apple, Linux and 3 more 16 Flash Player, Mac Os X, Linux Kernel and 13 more 2024-07-02 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVE-2015-8651 9 Adobe, Apple, Google and 6 more 22 Air, Air Sdk, Air Sdk \& Compiler and 19 more 2024-07-01 9.3 HIGH 8.8 HIGH
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5054 1 Adobe 1 Flash Player 2024-06-28 9.3 HIGH 8.8 HIGH
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
CVE-2011-0609 8 Adobe, Apple, Google and 5 more 14 Acrobat, Acrobat Reader, Air and 11 more 2024-06-28 9.3 HIGH 7.8 HIGH
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVE-2010-1297 5 Adobe, Apple, Microsoft and 2 more 7 Acrobat, Air, Flash Player and 4 more 2024-06-28 9.3 HIGH 7.8 HIGH
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
CVE-2009-1862 1 Adobe 3 Acrobat, Acrobat Reader, Flash Player 2024-06-28 9.3 HIGH 7.8 HIGH
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.