Adobe Flash Player vulnerabilities

1,081 known vulnerabilities affecting adobe/flash_player.

Total CVEs

1,081

CISA KEV

actively exploited

Public exploits

183

Exploited in wild

Severity breakdown

CRITICAL607HIGH369MEDIUM104LOW1

Vulnerabilities

Page 39 of 55

CVE-2014-0531MEDIUMCVSS 4.3≤ 13.0.0.214v13.0.0.182+29 more2014-06-11

CVE-2014-0531 [MEDIUM] CWE-79 CVE-2014-0531: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vect

nvd

CVE-2014-0517HIGHCVSS 7.5≥ 13.0, < 13.0.0.214≥ 11.0, < 11.2.202.3592014-05-14

CVE-2014-0517 [HIGH] CWE-264 CVE-2014-0517: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

nvd

CVE-2014-0516HIGHCVSS 7.5≥ 13.0, < 13.0.0.214≥ 11.0, < 11.2.202.3592014-05-14

CVE-2014-0516 [HIGH] CWE-264 CVE-2014-0516: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

nvd

CVE-2014-0519HIGHCVSS 7.5≥ 13.0, < 13.0.0.214≥ 11.0, < 11.2.202.3592014-05-14

CVE-2014-0519 [HIGH] CVE-2014-0519: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.

nvd

CVE-2014-0518HIGHCVSS 7.5≥ 13.0, < 13.0.0.214≥ 11.0, < 11.2.202.3592014-05-14

CVE-2014-0518 [HIGH] CVE-2014-0518: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

nvd

CVE-2014-0520HIGHCVSS 7.5≥ 13.0, < 13.0.0.214≥ 11.0, < 11.2.202.3592014-05-14

CVE-2014-0520 [HIGH] CVE-2014-0520: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.

nvd

CVE-2014-0515CRITICALCVSS 10.0ExploitedPoC≥ 11.0, < 11.2.202.346≥ 11.0, < 11.7.700.279+1 more2014-04-29

CVE-2014-0515 [CRITICAL] CWE-119 CVE-2014-0515: Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.20 Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

nvd

CVE-2014-0507CRITICALCVSS 9.3v11.0v11.0.1.152+76 more2014-04-08

CVE-2014-0507 [CRITICAL] CWE-119 CVE-2014-0507: Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.18 Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.

nvd

CVE-2014-0508MEDIUMCVSS 5.0≤ 11.2.202.346v11.0+76 more2014-04-08

CVE-2014-0508 [MEDIUM] CWE-264 CVE-2014-0508: Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspeci

nvd

CVE-2014-0509MEDIUMCVSS 4.3v11.0v11.0.1.152+76 more2014-04-08

CVE-2014-0509 [MEDIUM] CWE-79 CVE-2014-0509: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x throug Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script o

nvd

CVE-2014-0510CRITICALCVSS 10.0v12.0.0.772014-03-27

CVE-2014-0510 [CRITICAL] CWE-119 CVE-2014-0510: Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitr Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.

nvd

CVE-2014-0506CRITICALCVSS 10.0v12.0.0.772014-03-27

CVE-2014-0506 [CRITICAL] CWE-399 CVE-2014-0506: Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x bef Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly b

nvd

CVE-2014-0503MEDIUMCVSS 6.4≥ 11.0, < 11.2.202.346≥ 11.0, < 11.7.700.272+1 more2014-03-12

CVE-2014-0503 [MEDIUM] CWE-264 CVE-2014-0503: Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

nvd

CVE-2014-0504MEDIUMCVSS 5.0≥ 11.0, < 11.2.202.346≥ 11.0, < 11.7.700.272+1 more2014-03-12

CVE-2014-0504 [MEDIUM] CWE-200 CVE-2014-0504: Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.

nvd

CVE-2014-0498CRITICALCVSS 10.0≥ 11.0, < 11.7.700.269≥ 11.8, < 11.8.800.175+2 more2014-02-21

CVE-2014-0498 [CRITICAL] CWE-119 CVE-2014-0498: Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x befo Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified v

nvd

CVE-2014-0499HIGHCVSS 7.8≥ 11.0, < 11.7.700.269≥ 11.8, < 11.8.800.175+2 more2014-02-21

CVE-2014-0499 [HIGH] CWE-264 CVE-2014-0499: Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the

nvd

CVE-2014-0502HIGHCVSS 8.8KEVfixed in 11.7.700.269≥ 11.8.800.94, < 12.0.0.70+1 more2014-02-21

CVE-2014-0502 [HIGH] CWE-415 CVE-2014-0502: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified

nvd

CVE-2014-0497CRITICALCVSS 9.8KEVPoCfixed in 11.2.202.336fixed in 11.7.700.261+1 more2014-02-05

CVE-2014-0497 [CRITICAL] CWE-191 CVE-2014-0497: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0. Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

nvd

CVE-2014-0491CRITICALCVSS 10.0≥ 11.0, < 11.7.700.260≥ 11.8, < 11.8.800.175+2 more2014-01-15

CVE-2014-0491 [CRITICAL] CWE-264 CVE-2014-0491: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.

nvd

CVE-2014-0492CRITICALCVSS 10.0≥ 11.0, < 11.7.700.260≥ 11.8, < 11.8.800.175+2 more2014-01-15

CVE-2014-0492 [CRITICAL] CWE-264 CVE-2014-0492: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."

nvd

← Previous39 / 55Next →