Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Flash_player
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1084 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-03-15 | CVE-2011-0609 | Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel... | Acrobat, Acrobat_reader, Air, Flash_player, Chrome, Opensuse, Linux_enterprise | 7.8 | ||
| 2012-02-16 | CVE-2012-0767 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. | Flash_player | 6.1 | ||
| 2012-09-24 | CVE-2012-5054 | Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. | Flash_player | 8.8 | ||
| 2015-01-23 | CVE-2015-0310 | Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | Flash_player | N/A | ||
| 2014-12-10 | CVE-2014-9163 | Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. | Flash_player | N/A | ||
| 2017-10-22 | CVE-2017-11292 | Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. | Flash_player, Flash_player_desktop_runtime, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2018-02-06 | CVE-2018-4878 | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | Flash_player, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | ||
| 2018-07-09 | CVE-2018-5002 | Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | Flash_player, Flash_player_desktop_runtime, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | ||
| 2019-01-18 | CVE-2018-15982 | Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | Flash_player, Flash_player_installer, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | ||
| 2009-07-23 | CVE-2009-1862 | Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009. | Acrobat, Acrobat_reader, Flash_player | 7.8 |