CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2016-1019

CVSS 9.8v3.1pub. 2016-04-07upd. 2026-04-21

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adobe Air Desktop Runtime

    APP
    Adobe
    ≤ 21.0.0.176
  • Adobe Air Sdk

    APP
    Adobe
    ≤ 21.0.0.176
  • Adobe Air Sdk \& Compiler

    APP
    Adobe
    ≤ 21.0.0.176
  • Adobe Flash Player

    APP
    Adobe
    ≤ 11.2.202.577≤ 18.0.0.333≤ 21.0.0.197
  • Adobe Flash Player Desktop Runtime

    APP
    Adobe
    ≤ 21.0.0.197
  • Apple iOS

    OS
    Apple
    wszystkie wersje
  • Apple Mac Os X

    OS
    Apple
    wszystkie wersje
  • Google Android

    OS
    Google
    wszystkie wersje
  • Google Chrome Os

    OS
    Google
    wszystkie wersje
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 10

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 8.1

    OS
    Microsoft
    wszystkie wersje

CISA KEV — detailsi

Vendori
Adobe
Producti
Flash Player
Added to KEVi
March 3, 2022
Remediation deadline (US Federal)i
March 24, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 24 marca 2022
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach