Adobe Air vulnerabilities
413 known vulnerabilities affecting adobe/air.
Total CVEs
413
CISA KEV
6
actively exploited
Public exploits
90
Exploited in wild
7
Severity breakdown
CRITICAL314HIGH60MEDIUM39
Vulnerabilities
Page 19 of 21
CVE-2012-2036CRITICALCVSS 9.3≤ 3.2.0.20702012-06-09
CVE-2012-2036 [CRITICAL] CWE-190 CVE-2012-2036: Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows an
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-2034HIGHCVSS 7.5KEV≤ 3.2.0.20702012-06-09
CVE-2012-2034 [HIGH] CWE-119 CVE-2012-2034: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
nvd
CVE-2012-2038MEDIUMCVSS 4.3≤ 3.2.0.20702012-06-09
CVE-2012-2038 [MEDIUM] CWE-200 CVE-2012-2038: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information
nvd
CVE-2012-0725CRITICALCVSS 9.3fixed in 3.2.0.20702012-04-06
CVE-2012-0725 [CRITICAL] CVE-2012-0725: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to caus
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
nvd
CVE-2012-0724CRITICALCVSS 9.3fixed in 3.2.0.20702012-04-06
CVE-2012-0724 [CRITICAL] CWE-119 CVE-2012-0724: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to caus
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
nvd
CVE-2011-0609HIGHCVSS 7.8KEVPoC≤ 2.5.12011-03-15
CVE-2011-0609 [HIGH] CVE-2011-0609: Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux,
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary co
nvd
CVE-2010-2163CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2163 [CRITICAL] CWE-94 CVE-2010-2163: Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2010-2169CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2169 [CRITICAL] CWE-119 CVE-2010-2169: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.
nvd
CVE-2010-2164CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2164 [CRITICAL] CWE-399 CVE-2010-2164: Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
nvd
CVE-2009-3793CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2009-3793 [CRITICAL] CWE-399 CVE-2009-3793: Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ado
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2010-2161CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2161 [CRITICAL] CWE-94 CVE-2010-2161: Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR b
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
nvd
CVE-2010-2189CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2189 [CRITICAL] CWE-119 CVE-2010-2189: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, wh
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
nvd
CVE-2010-2166CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2166 [CRITICAL] CVE-2010-2166: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178,
nvd
CVE-2010-2185CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2185 [CRITICAL] CWE-119 CVE-2010-2185: Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR bef
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2010-2160CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2160 [CRITICAL] CWE-119 CVE-2010-2160: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than
nvd
CVE-2010-2165CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2165 [CRITICAL] CVE-2010-2165: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178,
nvd
CVE-2010-2174CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2174 [CRITICAL] CVE-2010-2174: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, mi
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.
nvd
CVE-2010-2184CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2184 [CRITICAL] CVE-2010-2184: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,
nvd
CVE-2010-2176CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2176 [CRITICAL] CVE-2010-2176: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178,
nvd
CVE-2010-2162CRITICALCVSS 9.3≤ 1.5.3.9130v1.0+5 more2010-06-15
CVE-2010-2162 [CRITICAL] CWE-119 CVE-2010-2162: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
nvd