Adobe Air vulnerabilities

145 known vulnerabilities affecting adobe/adobe_air.

Total CVEs

145

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL116HIGH15MEDIUM14

Vulnerabilities

Page 2 of 8

CVE-2014-0556CRITICALCVSS 10.0PoC≤ 14.0.0.179v13.0.0.83+4 more2014-09-10

CVE-2014-0556 [CRITICAL] CWE-119 CVE-2014-0556: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbi

nvd

CVE-2014-0548HIGHCVSS 7.5≤ 14.0.0.179v13.0.0.83+4 more2014-09-10

CVE-2014-0548 [HIGH] CWE-264 CVE-2014-0548: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspec

nvd

CVE-2014-5333MEDIUMCVSS 4.3≤ 14.0.0.137v13.0.0.83+3 more2014-08-19

CVE-2014-5333 [MEDIUM] CWE-352 CVE-2014-5333: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attacke

nvd

CVE-2014-0542CRITICALCVSS 10.0≤ 14.0.0.137v13.0.0.83+3 more2014-08-12

CVE-2014-0542 [CRITICAL] CVE-2014-0542: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers

nvd

CVE-2014-0543CRITICALCVSS 10.0≤ 14.0.0.110v13.0.0.83+3 more2014-08-12

CVE-2014-0543 [CRITICAL] CVE-2014-0543: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers

nvd

CVE-2014-0540CRITICALCVSS 10.0≤ 14.0.0.137v13.0.0.83+3 more2014-08-12

CVE-2014-0540 [CRITICAL] CWE-264 CVE-2014-0540: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows at

nvd

CVE-2014-0541CRITICALCVSS 10.0≤ 14.0.0.137v13.0.0.83+3 more2014-08-12

CVE-2014-0541 [CRITICAL] CWE-264 CVE-2014-0541: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified

nvd

CVE-2014-0538CRITICALCVSS 10.0≤ 14.0.0.137v13.0.0.83+3 more2014-08-12

CVE-2014-0538 [CRITICAL] CVE-2014-0538: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on W Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via

nvd

CVE-2014-0545CRITICALCVSS 10.0≤ 14.0.0.110v13.0.0.83+3 more2014-08-12

CVE-2014-0545 [CRITICAL] CVE-2014-0545: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers

nvd

CVE-2014-0544CRITICALCVSS 10.0≤ 14.0.0.110v13.0.0.83+3 more2014-08-12

CVE-2014-0544 [CRITICAL] CVE-2014-0544: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers

nvd

CVE-2014-0539HIGHCVSS 7.5≤ 14.0.0.110v13.0.0.83+1 more2014-07-09

CVE-2014-0539 [HIGH] CVE-2014-0539: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.

nvd

CVE-2014-0537HIGHCVSS 7.5≤ 14.0.0.110v13.0.0.83+1 more2014-07-09

CVE-2014-0537 [HIGH] CWE-264 CVE-2014-0537: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-20

nvd

CVE-2014-4671MEDIUMCVSS 4.3≤ 14.0.0.110v13.0.0.83+1 more2014-07-09

CVE-2014-4671 [MEDIUM] CWE-352 CVE-2014-4671: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (

nvd

CVE-2014-0536CRITICALCVSS 10.0≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0536 [CRITICAL] CWE-119 CVE-2014-0536: Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

nvd

CVE-2014-0534HIGHCVSS 7.5≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0534 [HIGH] CWE-264 CVE-2014-0534: Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.

nvd

CVE-2014-0535HIGHCVSS 7.5≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0535 [HIGH] CVE-2014-0535: Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2. Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.

nvd

CVE-2014-0533MEDIUMCVSS 4.3≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0533 [MEDIUM] CVE-2014-0533: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a

nvd

CVE-2014-0532MEDIUMCVSS 4.3≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0532 [MEDIUM] CVE-2014-0532: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a

nvd

CVE-2014-0531MEDIUMCVSS 4.3≤ 13.0.0.111v13.0.0.832014-06-11

CVE-2014-0531 [MEDIUM] CWE-79 CVE-2014-0531: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vect

nvd

CVE-2014-0517HIGHCVSS 7.5fixed in 13.0.0.1112014-05-14

CVE-2014-0517 [HIGH] CWE-264 CVE-2014-0517: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

nvd

← Previous2 / 8Next →