CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Flash Player : Security Vulnerabilities Published In 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-5008 125 2018-07-20 2018-09-17
5.0
None Remote Low Not required Partial None None
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
2 CVE-2018-5007 704 Exec Code 2018-07-20 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3 CVE-2018-5002 119 Exec Code Overflow 2018-07-09 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
4 CVE-2018-5001 125 2018-07-09 2018-10-21
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
5 CVE-2018-5000 190 Overflow 2018-07-09 2018-10-21
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
6 CVE-2018-4945 704 Exec Code 2018-07-09 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
7 CVE-2018-4944 704 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
8 CVE-2018-4937 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
9 CVE-2018-4936 119 Overflow 2018-05-19 2018-10-21
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
10 CVE-2018-4935 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
11 CVE-2018-4934 125 2018-05-19 2018-10-21
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12 CVE-2018-4933 125 2018-05-19 2018-10-21
4.0
None Remote Low Single system Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
13 CVE-2018-4932 416 Exec Code 2018-05-19 2018-10-21
9.0
None Remote Low Single system Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
14 CVE-2018-4920 704 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
15 CVE-2018-4919 416 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
16 CVE-2018-4878 416 Exec Code 2018-02-06 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
17 CVE-2018-4877 416 Exec Code 2018-02-06 2018-03-01
10.0
None Remote Low Not required Complete Complete Complete
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
18 CVE-2018-4871 125 2018-01-09 2018-01-30
5.0
None Remote Low Not required Partial None None
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Total number of vulnerabilities : 18   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.