Summary
| Detail | |||
|---|---|---|---|
| Vendor | Adobe | First view | 2012-11-07 |
| Product | Flash Player | Last view | 2020-10-14 |
| Version | 11.4.402.287 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:adobe:flash_player | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2020-10-14 | CVE-2020-9746 | Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. |
| 9.8 | 2020-06-12 | CVE-2020-9633 | Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 8.8 | 2020-02-13 | CVE-2020-3757 | Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 7.5 | 2019-09-27 | CVE-2019-8075 | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
| 9.8 | 2019-09-12 | CVE-2019-8070 | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. |
| 9.8 | 2019-09-12 | CVE-2019-8069 | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. |
| 8.8 | 2019-06-12 | CVE-2019-7845 | Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 6.5 | 2019-05-24 | CVE-2019-7090 | Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 7.5 | 2019-05-23 | CVE-2019-7108 | Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . |
| 9.8 | 2019-05-23 | CVE-2019-7096 | Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 8.8 | 2019-05-22 | CVE-2019-7837 | Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 7.8 | 2019-01-18 | CVE-2018-15983 | Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
| 9.8 | 2019-01-18 | CVE-2018-15982 | Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 9.8 | 2018-11-29 | CVE-2018-15981 | Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 7.5 | 2018-11-29 | CVE-2018-15978 | Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 7.5 | 2018-09-25 | CVE-2018-15967 | Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. |
| 9.8 | 2018-08-29 | CVE-2018-12828 | Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. |
| 7.5 | 2018-08-29 | CVE-2018-12827 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 7.5 | 2018-08-29 | CVE-2018-12826 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 9.8 | 2018-08-29 | CVE-2018-12825 | Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. |
| 5.9 | 2018-08-29 | CVE-2018-12824 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 7.5 | 2018-07-20 | CVE-2018-5008 | Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 8.8 | 2018-07-20 | CVE-2018-5007 | Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. |
| 9.8 | 2018-07-09 | CVE-2018-5002 | Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. |
| 6.5 | 2018-07-09 | CVE-2018-5001 | Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (159) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 25% (128) | CWE-787 | Out-of-bounds Write |
| 19% (97) | CWE-416 | Use After Free |
| 5% (28) | CWE-264 | Permissions, Privileges, and Access Controls |
| 3% (19) | CWE-200 | Information Exposure |
| 2% (11) | CWE-125 | Out-of-bounds Read |
| 1% (10) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (9) | CWE-190 | Integer Overflow or Wraparound |
| 1% (9) | CWE-189 | Numeric Errors |
| 1% (8) | CWE-704 | Incorrect Type Conversion or Cast |
| 1% (8) | CWE-399 | Resource Management Errors |
| 1% (7) | CWE-284 | Access Control (Authorization) Issues |
| 0% (4) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 0% (2) | CWE-426 | Untrusted Search Path |
| 0% (2) | CWE-362 | Race Condition |
| 0% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 0% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 0% (1) | CWE-476 | NULL Pointer Dereference |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-346 | Origin Validation Error |
| 0% (1) | CWE-20 | Improper Input Validation |
SAINT Exploits
| Description | Link |
|---|---|
| Adobe Pixel Shader | More info here |
| Adobe Flash Player SWF Content Regular Expression Heap Overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 33333 | Adobe Flash Player Shader Buffer Overflow |
| 33212 | Adobe Flash Player Integer Underflow Remote Code Execution |
| 33095 | Adobe Flash Player Type Confusion Remote Code Execution |
| 32959 | Adobe Flash Player Regular Expression Heap Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - December12 (Mac OS X) File : nvt/gb_adobe_air_mult_vuln_dec12_macosx.nasl |
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - December12 (Windows) File : nvt/gb_adobe_air_mult_vuln_dec12_win.nasl |
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - November12 (Mac OS X) File : nvt/gb_adobe_air_mult_vuln_nov12_macosx.nasl |
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - November12 (Windows) File : nvt/gb_adobe_air_mult_vuln_nov12_win.nasl |
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X) File : nvt/gb_adobe_air_mult_vuln_oct12_macosx.nasl |
| 2013-03-28 | Name : Adobe Air Multiple Vulnerabilities - October 12 (Windows) File : nvt/gb_adobe_air_mult_vuln_oct12_win.nasl |
| 2012-12-14 | Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_dec12_lin.nasl |
| 2012-12-14 | Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_dec12_win.nasl |
| 2012-12-14 | Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Mac OS X) File : nvt/gb_adobe_prdts_mult_vuln_dec12_macosx.nasl |
| 2012-12-13 | Name : SuSE Update for flash-player openSUSE-SU-2012:1480-1 (flash-player) File : nvt/gb_suse_2012_1480_1.nasl |
| 2012-11-26 | Name : FreeBSD Ports: linux-f10-flashplugin File : nvt/freebsd_linux-f10-flashplugin5.nasl |
| 2012-11-26 | Name : FreeBSD Ports: linux-f10-flashplugin File : nvt/freebsd_linux-f10-flashplugin4.nasl |
| 2012-11-08 | Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov12_lin.nasl |
| 2012-11-08 | Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Mac OS X) File : nvt/gb_adobe_prdts_mult_vuln_nov12_macosx.nasl |
| 2012-11-08 | Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_nov12_win.nasl |
| 2012-10-15 | Name : Adobe Flash Player Multiple Vulnerabilities - Oct12 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_oct12_lin.nasl |
| 2012-10-15 | Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Mac OS X) File : nvt/gb_adobe_prdts_mult_vuln_oct12_macosx.nasl |
| 2012-10-15 | Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_oct12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0221 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0061469 |
| 2014-A-0093 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0052949 |
| 2014-A-0078 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0052485 |
| 2014-A-0069 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0050437 |
| 2014-A-0060 | Adobe Flash Player Buffer Overflow Vulnerability Severity: Category I - VMSKEY: V0050013 |
| 2014-A-0047 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0048681 |
| 2014-A-0034 | Multiple Vulnerabilities in Adobe Flash Player Severity: Category I - VMSKEY: V0046181 |
| 2014-A-0029 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0044537 |
| 2014-A-0020 | Adobe Flash Player Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0043920 |
| 2014-A-0001 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0043404 |
| 2013-A-0229 | Multiple Vulnerabilities in Adobe Flash Player Severity: Category I - VMSKEY: V0042595 |
| 2013-A-0209 | Multiple Vulnerabilities in Adobe Flash Player Severity: Category I - VMSKEY: V0042292 |
| 2013-A-0168 | Multiple Vulnerabilities In Adobe Flash Player Severity: Category I - VMSKEY: V0040297 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-09-19 | Adobe Flash Player AVM domain memory range integer overflow attempt RuleID : 54826 - Type : FILE-FLASH - Revision : 1 |
| 2020-09-19 | Adobe Flash Player AVM domain memory range integer overflow attempt RuleID : 54825 - Type : FILE-FLASH - Revision : 1 |
| 2019-10-29 | Adobe Flash Player ActiveX same origin method execution attempt RuleID : 51648 - Type : FILE-FLASH - Revision : 1 |
| 2019-10-29 | Adobe Flash Player use-after-free attempt RuleID : 51644 - Type : FILE-FLASH - Revision : 1 |
| 2019-10-29 | Adobe Flash Player use-after-free attempt RuleID : 51643 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-24 | Adobe Flash Player malformed ATF heap overflow attempt RuleID : 51226 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-24 | Adobe Flash Player malformed ATF heap overflow attempt RuleID : 51225 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51224 - Type : FILE-OTHER - Revision : 1 |
| 2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51223 - Type : FILE-OTHER - Revision : 1 |
| 2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51222 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51221 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-19 | Adobe Flash player memory corruption attempt RuleID : 51082 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-19 | Adobe Flash player memory corruption attempt RuleID : 51081 - Type : FILE-FLASH - Revision : 1 |
| 2019-08-01 | Adobe Flash Player TVSDK metadata use after free attempt RuleID : 50537 - Type : FILE-FLASH - Revision : 1 |
| 2019-08-01 | Adobe Flash Player TVSDK metadata use after free attempt RuleID : 50536 - Type : FILE-FLASH - Revision : 1 |
| 2019-08-01 | Adobe Flash Player TVSDK metadata use after free attempt RuleID : 50535 - Type : FILE-FLASH - Revision : 1 |
| 2019-08-01 | Adobe Flash Player TVSDK metadata use after free attempt RuleID : 50534 - Type : FILE-FLASH - Revision : 1 |
| 2019-07-02 | Adobe Flash Player use after free attempt RuleID : 50268 - Type : FILE-FLASH - Revision : 1 |
| 2019-07-02 | Adobe Flash Player use after free attempt RuleID : 50267 - Type : FILE-FLASH - Revision : 1 |
| 2019-06-25 | Adobe Flash Player writeExternal type confusion attempt RuleID : 50185 - Type : FILE-FLASH - Revision : 1 |
| 2019-06-20 | Adobe Flash Player out-of-bounds read attempt RuleID : 50140 - Type : FILE-FLASH - Revision : 1 |
| 2019-06-20 | Adobe Flash Player out-of-bounds read attempt RuleID : 50139 - Type : FILE-FLASH - Revision : 1 |
| 2019-05-07 | Adobe Flash Player PCRE control character denial of service attempt RuleID : 49656 - Type : FILE-FLASH - Revision : 1 |
| 2019-05-07 | Adobe Flash Player PCRE control character denial of service attempt RuleID : 49655 - Type : FILE-FLASH - Revision : 1 |
| 2019-05-07 | Adobe Flash Player PCRE control character denial of service attempt RuleID : 49654 - Type : FILE-FLASH - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-12-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_49cbe200f92a11e8a89dd43d7ef03aa6.nasl - Type: ACT_GATHER_INFO |
| 2018-12-06 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-42.nasl - Type: ACT_GATHER_INFO |
| 2018-12-06 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-42.nasl - Type: ACT_GATHER_INFO |
| 2018-11-21 | Name: The remote Windows host has a browser plugin installed that is affected by an... File: flash_player_apsb18-44.nasl - Type: ACT_GATHER_INFO |
| 2018-11-21 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8f128c72ecf911e8aa006451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-11-21 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-44.nasl - Type: ACT_GATHER_INFO |
| 2018-11-14 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_b69292e8e79811e8ae076451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-39.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-39.nasl - Type: ACT_GATHER_INFO |
| 2018-09-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_f9d73a20b5f011e8b1da6451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-09-11 | Name: The remote Windows host has a browser plugin installed that is affected by an... File: flash_player_apsb18-31.nasl - Type: ACT_GATHER_INFO |
| 2018-09-11 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-31.nasl - Type: ACT_GATHER_INFO |
| 2018-08-15 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_98b603c89ff311e8ad636451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-08-14 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-25.nasl - Type: ACT_GATHER_INFO |
| 2018-08-14 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-25.nasl - Type: ACT_GATHER_INFO |
| 2018-07-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e78732b2852811e89c426451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-07-10 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-24.nasl - Type: ACT_GATHER_INFO |
| 2018-07-10 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-24.nasl - Type: ACT_GATHER_INFO |
| 2018-06-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201806-02.nasl - Type: ACT_GATHER_INFO |
| 2018-06-08 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_2dde5a566ab111e8b6396451062f0f7a.nasl - Type: ACT_GATHER_INFO |
| 2018-06-07 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-19.nasl - Type: ACT_GATHER_INFO |
| 2018-06-07 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-19.nasl - Type: ACT_GATHER_INFO |
| 2018-05-09 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_9558d49c534c11e88177d43d7ef03aa6.nasl - Type: ACT_GATHER_INFO |
| 2018-05-08 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb18-16.nasl - Type: ACT_GATHER_INFO |
| 2018-05-08 | Name: The remote macOS or Mac OSX host has a browser plugin installed that is affec... File: macosx_flash_player_apsb18-16.nasl - Type: ACT_GATHER_INFO |
