Skip to main content

Flash Player

872 CVEs product

Monthly

CVE-2020-9746 HIGH This Week

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Null Pointer Dereference Denial Of Service Flash Player
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-9633 CRITICAL Act Now

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Adobe Memory Corruption RCE +4
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2020-3757 HIGH PATCH This Week

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Adobe RCE Memory Corruption Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2019-8075 HIGH PATCH This Week

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Flash Player Desktop Runtime Flash Player Chrome +2
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-8070 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2019-8069 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-7845 HIGH This Week

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +4
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2019-7090 MEDIUM This Month

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft Information Disclosure Flash Player Desktop Runtime +1
NVD
CVSS 3.0
6.5
EPSS
4.8%
CVE-2019-7108 HIGH This Week

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-7096 CRITICAL Act Now

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2019-7837 HIGH This Week

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +5
NVD
CVSS 3.0
8.8
EPSS
9.7%
CVE-2018-15981 CRITICAL Act Now

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-15978 HIGH PATCH This Week

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-15967 HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
7.6%
CVE-2018-12828 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12827 HIGH POC PATCH THREAT This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.0%
CVE-2018-12826 HIGH PATCH This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-12825 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12824 MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
5.9
EPSS
10.9%
CVE-2018-5008 HIGH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
6.8%
CVE-2018-5007 HIGH PATCH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
18.0%
CVE-2018-5002 HIGH KEV PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +4
NVD GitHub
CVSS 3.1
7.8
EPSS
25.4%
CVE-2018-5001 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
13.3%
CVE-2018-5000 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
14.5%
CVE-2018-4945 HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
6.8%
CVE-2018-4944 CRITICAL Act Now

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
9.0%
CVE-2018-4937 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-4936 MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
29.1%
CVE-2018-4935 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-4934 MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
23.4%
CVE-2018-4933 MEDIUM This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
6.5
EPSS
4.8%
CVE-2018-4932 HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Adobe RCE Use After Free Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2018-4920 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2018-4919 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Use After Free Denial Of Service Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2018-4877 CRITICAL Act Now

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Use After Free Flash Player +3
NVD
CVSS 3.0
9.8
EPSS
8.5%
CVE-2018-4871 HIGH This Week

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
7.5
EPSS
5.5%
CVE-2017-11305 MEDIUM PATCH This Month

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Flash Player Desktop Runtime Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2017-3114 CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Adobe Information Disclosure Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
9.8
EPSS
9.7%
CVE-2017-3112 CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Adobe Information Disclosure Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
9.8
EPSS
9.7%
CVE-2017-11225 CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free RCE Adobe Memory Corruption +4
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2017-11215 CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free RCE Adobe Memory Corruption +4
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2017-11213 CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Buffer Overflow Adobe Information Disclosure Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2017-11282 CRITICAL POC THREAT Emergency

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.7%
Threat
4.1
CVE-2017-11281 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
60.9%
Threat
5.3
CVE-2017-3106 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

RCE Adobe Enterprise Linux Enterprise Linux Desktop Enterprise Linux Workstation +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
53.3%
Threat
4.9
CVE-2017-3085 HIGH POC PATCH This Week

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2017-3100 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2017-3099 HIGH PATCH This Week

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2017-3080 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2016-0959 CRITICAL Act Now

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Adobe +8
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-3084 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-3083 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-3082 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Flash Player
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-3081 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-3079 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Flash Player
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-3078 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.0%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
70.0%
Threat
5.6
CVE-2017-3077 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2017-3076 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2017-3075 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-3074 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3073 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Buffer Overflow RCE Adobe +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-3072 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3071 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2017-3070 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3069 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3068 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
68.5%
Threat
5.3
CVE-2017-3064 HIGH POC This Week

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.8%
CVE-2017-3063 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3062 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3061 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2017-3060 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Information Disclosure Flash Player
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2017-3059 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3058 HIGH This Week

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-3003 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-3002 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-3001 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-3000 MEDIUM PATCH This Month

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.1%.

Adobe Information Disclosure Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
6.5
EPSS
11.1%
CVE-2017-2999 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2017-2998 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2017-2997 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2017-2996 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2017-2995 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2017-2994 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2017-2993 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-2992 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
CVE-2017-2991 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2017-2990 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2017-2988 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
60.9%
Threat
5.1
CVE-2017-2987 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Adobe Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2017-2986 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
EPSS 4% CVSS 8.8
HIGH This Week

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Null Pointer Dereference +2
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Adobe +6
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Adobe RCE Memory Corruption +4
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Flash Player Desktop Runtime +4
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE +4
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Flash Player Desktop Runtime +1
NVD
EPSS 6% CVSS 8.8
HIGH This Week

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE +6
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe +2
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE +4
NVD
EPSS 10% CVSS 8.8
HIGH This Week

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE +7
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Flash Player Desktop Runtime Flash Player +3
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Flash Player Desktop Runtime +4
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure +5
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player +3
NVD
EPSS 32% CVSS 7.5
HIGH POC PATCH THREAT This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow +4
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow +4
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player +3
NVD
EPSS 11% CVSS 5.9
MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 7% CVSS 7.5
HIGH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 18% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime +4
NVD
EPSS 25% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Adobe RCE +6
NVD GitHub
EPSS 13% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 14% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe Information Disclosure +5
NVD
EPSS 7% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime +4
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Flash Player +3
NVD
EPSS 26% CVSS 8.8
HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE +3
NVD Exploit-DB
EPSS 29% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow +2
NVD Exploit-DB
EPSS 26% CVSS 8.8
HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE +3
NVD Exploit-DB
EPSS 23% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow +2
NVD Exploit-DB
EPSS 5% CVSS 6.5
MEDIUM This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow +2
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Adobe RCE +3
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE +2
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Use After Free +4
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE +5
NVD
EPSS 6% CVSS 7.5
HIGH This Week

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player +4
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Adobe Information Disclosure +4
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Adobe Information Disclosure +4
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free RCE +6
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free RCE +6
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Buffer Overflow Adobe Information Disclosure +4
NVD
EPSS 21% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Buffer Overflow RCE Adobe +4
NVD Exploit-DB
EPSS 61% 5.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow RCE Adobe +4
NVD Exploit-DB
EPSS 53% 4.9 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

RCE Adobe Enterprise Linux +4
NVD Exploit-DB
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Adobe Information Disclosure +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Desktop Runtime +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google +10
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe +1
NVD
EPSS 70% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.0%.

Buffer Overflow RCE Adobe +1
NVD Exploit-DB
EPSS 54% 5.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe +1
NVD Exploit-DB
EPSS 54% 5.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe +1
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Buffer Overflow +8
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +7
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 68% 5.3 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Buffer Overflow Memory Corruption Adobe +6
NVD Exploit-DB
EPSS 5% CVSS 7.8
HIGH POC This Week

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Adobe +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 54% 5.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe +1
NVD Exploit-DB
EPSS 10% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe +2
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +4
NVD
EPSS 11% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.1%.

Adobe Information Disclosure Flash Player +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Adobe +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +4
NVD
EPSS 38% 4.4 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe +3
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +3
NVD
EPSS 61% 5.1 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow Memory Corruption Adobe +3
NVD Exploit-DB
EPSS 7% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Adobe +2
NVD
EPSS 38% 4.4 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe +3
NVD Exploit-DB
Page 1 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy