National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:adobe:flash_player:24.0.0.194
There are 102 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2017-2996

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2995

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-2994

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-2993

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2992

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2991

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2990

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2988

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2987

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2986

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2985

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2984

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2982

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.

Published: February 15, 2017; 01:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2010-2216

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.

Published: August 11, 2010; 02:47:50 PM -04:00
    V2: 9.3 HIGH
CVE-2010-2215

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

Published: August 11, 2010; 02:47:50 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-2214

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.

Published: August 11, 2010; 02:47:50 PM -04:00
    V2: 9.3 HIGH
CVE-2010-2213

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.

Published: August 11, 2010; 02:47:50 PM -04:00
    V2: 9.3 HIGH
CVE-2010-0209

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.

Published: August 11, 2010; 02:47:49 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

Published: August 29, 2008; 01:41:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1654

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.

Published: April 02, 2008; 02:44:00 PM -04:00
    V2: 4.3 MEDIUM