HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-1010

CVSS 8.8v3.1pub. 2016-03-12upd. 2026-04-22

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Adobe Air

    APP
    Adobe
    ≤ 20.0.0.233
  • Adobe Air Desktop Runtime

    APP
    Adobe
    ≤ 20.0.0.260
  • Adobe Air Sdk

    APP
    Adobe
    ≤ 20.0.0.260
  • Adobe Air Sdk \& Compiler

    APP
    Adobe
    ≤ 20.0.0.260
  • Adobe Flash Player

    APP
    Adobe
    ≤ 20.0.0.306≤ 11.2.202.569
  • Adobe Flash Player Desktop Runtime

    APP
    Adobe
    ≤ 20.2.2.306
  • Apple iOS

    OS
    Apple
    wszystkie wersje
  • Apple Mac Os X

    OS
    Apple
    wszystkie wersje
  • Google Android

    OS
    Google
    wszystkie wersje
  • Google Chrome Os

    OS
    Google
    wszystkie wersje
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 10

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 8.1

    OS
    Microsoft
    wszystkie wersje
  • Samsung X14j Firmware

    OS
    Samsung
    t-ms14jakucb-1102.5

CISA KEV — detailsi

Vendori
Adobe
Producti
Flash Player and AIR
Added to KEVi
May 25, 2022
Remediation deadline (US Federal)i
June 15, 2022(overdue)
Required action (CISA)i

The impacted products are end-of-life and should be disconnected if still in use.

CISA descriptioni

Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 15 czerwca 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach