Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
Max CVSS
4.3
EPSS Score
0.41%
Published
2007-07-11
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
Max CVSS
4.3
EPSS Score
96.42%
Published
2007-12-20
Updated
2018-10-30
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
Max CVSS
4.4
EPSS Score
0.04%
Published
2007-12-20
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
Max CVSS
4.3
EPSS Score
0.60%
Published
2008-01-04
Updated
2017-09-29
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Max CVSS
4.3
EPSS Score
0.56%
Published
2008-04-02
Updated
2017-09-29
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Max CVSS
4.3
EPSS Score
1.03%
Published
2008-04-09
Updated
2017-09-29
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
Max CVSS
4.3
EPSS Score
2.16%
Published
2008-08-29
Updated
2017-08-08
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Max CVSS
4.3
EPSS Score
0.73%
Published
2008-10-14
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
Max CVSS
4.3
EPSS Score
0.72%
Published
2008-11-10
Updated
2018-10-30
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
Max CVSS
4.3
EPSS Score
0.51%
Published
2008-11-10
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
Max CVSS
4.3
EPSS Score
0.60%
Published
2008-11-10
Updated
2018-10-30
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
Max CVSS
4.3
EPSS Score
0.52%
Published
2008-12-08
Updated
2018-11-08
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
Max CVSS
4.3
EPSS Score
0.54%
Published
2008-12-08
Updated
2018-11-08
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Max CVSS
4.3
EPSS Score
1.79%
Published
2008-12-08
Updated
2018-11-02
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
Max CVSS
4.3
EPSS Score
0.73%
Published
2009-02-26
Updated
2017-09-29
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
Max CVSS
4.3
EPSS Score
0.49%
Published
2009-07-31
Updated
2017-09-29
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Max CVSS
4.9
EPSS Score
0.06%
Published
2009-07-31
Updated
2017-09-29
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Max CVSS
4.3
EPSS Score
89.24%
Published
2010-02-15
Updated
2018-10-30
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.
Max CVSS
4.3
EPSS Score
0.73%
Published
2010-06-15
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
Max CVSS
4.3
EPSS Score
0.30%
Published
2010-06-15
Updated
2022-09-15
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
Max CVSS
4.3
EPSS Score
0.39%
Published
2010-08-11
Updated
2018-10-30
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
Max CVSS
4.3
EPSS Score
0.62%
Published
2010-11-07
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
Max CVSS
4.3
EPSS Score
0.31%
Published
2011-06-09
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Max CVSS
4.3
EPSS Score
0.24%
Published
2011-09-22
Updated
2018-10-30

CVE-2012-0767

Known exploited
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Max CVSS
4.3
EPSS Score
0.28%
Published
2012-02-16
Updated
2023-01-30
CISA KEV Added
2022-06-08
38 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!