Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Flash Player
APPAdobe≤ 11.2.202.621≤ 21.0.0.242≤ 18.0.0.352Apple macOS
OSApplewszystkie wersjeApple Mac Os X
OSApplewszystkie wersjeGoogle Chrome Os
OSGooglewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeMicrosoft Windows 10
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeOpensuse
OSOpensuse13.113.2Red Hat Enterprise Linux Desktop
OSRedhat5.06.0Red Hat Enterprise Linux Server
OSRedhat5.06.0Red Hat Enterprise Linux Workstation
OSRedhat5.06.0SUSE Linux Enterprise Desktop
OSSuse12SUSE Linux Enterprise Workstation Extension
OSSuse12
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Required action (CISA)i
The impacted product is end-of-life and should be disconnected if still in use.
CISA descriptioni
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 15 kwietnia 2022
Tags
RCE
References
Related vulnerabilities
CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP