Filtered by vendor Adobe Subscriptions
Filtered by product Flash Player Subscriptions
Total 1084 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-5119 7 Adobe, Apple, Linux and 4 more 15 Flash Player, Mac Os X, Linux Kernel and 12 more 2025-07-30 9.8 Critical
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 15 Flash Player, Flash Player Desktop Runtime, Macos and 12 more 2025-07-30 9.8 Critical
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2015-5123 7 Adobe, Apple, Linux and 4 more 13 Flash Player, Flash Player Desktop Runtime, Macos and 10 more 2025-07-30 9.8 Critical
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2025-07-30 7.8 High
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVE-2015-8651 9 Adobe, Apple, Google and 6 more 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more 2025-07-30 8.8 High
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2016-0984 6 Adobe, Apple, Google and 3 more 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more 2025-07-30 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
CVE-2016-1010 7 Adobe, Apple, Google and 4 more 16 Air, Air Desktop Runtime, Air Sdk and 13 more 2025-07-30 8.8 High
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
CVE-2016-1019 6 Adobe, Apple, Google and 3 more 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more 2025-07-30 9.8 Critical
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
CVE-2016-4117 4 Adobe, Opensuse, Redhat and 1 more 10 Flash Player, Evergreen, Opensuse and 7 more 2025-07-30 9.8 Critical
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVE-2016-4171 8 Adobe, Apple, Google and 5 more 15 Flash Player, Mac Os X, Macos and 12 more 2025-07-30 9.8 Critical
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
CVE-2016-7855 6 Adobe, Apple, Google and 3 more 13 Flash Player, Mac Os X, Chrome Os and 10 more 2025-07-30 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
CVE-2016-7892 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-07-30 8.8 High
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11292 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more 2025-07-30 8.8 High
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
CVE-2018-4878 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2025-07-30 9.8 Critical
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVE-2018-5002 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more 2025-07-30 9.8 Critical
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-15982 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Installer, Mac Os X and 9 more 2025-07-30 9.8 Critical
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-9746 6 Adobe, Apple, Google and 3 more 8 Flash Player, Macos, Chrome Os and 5 more 2025-04-23 7 High
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.
CVE-2017-2925 6 Adobe, Apple, Google and 3 more 8 Flash Player, Mac Os X, Chrome Os and 5 more 2025-04-20 8.8 High
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
CVE-2016-0959 6 Adobe, Apple, Google and 3 more 16 Air, Air Sdk, Air Sdk \& Compiler and 13 more 2025-04-20 N/A
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.
CVE-2017-3100 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-20 6.5 Medium
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.