Skip to main content
CVE-2015-8651 HIGH KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player allows network attackers to execute arbitrary code via integer overflow exploitation. Confirmed actively exploited (CISA KEV) with 88.97% EPSS score indicating extremely high real-world exploitation probability. Affects Flash Player before 18.0.0.324/20.0.0.267, Adobe AIR before 20.0.0.233, and associated SDKs across Windows, OS X, and Linux platforms. Vendor-released patches available since December 2015.

Adobe Integer Overflow Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.9
CVE-2015-8644 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8635 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8634 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8636 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.6%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
39.6%
Threat
4.4
CVE-2015-8645 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
8.8
EPSS
7.0%
CVE-2015-8646 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8643 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8642 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8641 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Sdk Air Sdk Compiler +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8640 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8460 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2015-8650 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Sdk Air Sdk Compiler +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8649 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8648 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8647 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8639 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8638 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-6850 HIGH This Week

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vplex Geosynchrony
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2015-8543 HIGH PATCH This Week

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users. Rated high severity (CVSS 7.0).

Denial Of Service Google Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy