Filtered by vendor Adobe
Subscribe
Search
Total
4765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2870 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2871 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. | |||||
| CVE-2010-2872 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2882 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file. | |||||
| CVE-2010-2881 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file. | |||||
| CVE-2010-2880 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file. | |||||
| CVE-2010-2879 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file. | |||||
| CVE-2010-2873 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2877 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll. | |||||
| CVE-2010-2878 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2864 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file. | |||||
| CVE-2010-2866 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. | |||||
| CVE-2010-2867 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability." | |||||
| CVE-2010-2868 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file. | |||||
| CVE-2010-2869 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file. | |||||
| CVE-2010-2582 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. | |||||
| CVE-2010-2581 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. | |||||
| CVE-2010-1278 | 1 Adobe | 2 Acrobat, Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. | |||||
| CVE-2009-4003 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption. | |||||
| CVE-2009-4195 | 1 Adobe | 1 Illustrator | 2018-10-10 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4002 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. | |||||
| CVE-2009-3068 | 1 Adobe | 1 Robohelp Server | 2018-10-10 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. | |||||
| CVE-2009-3489 | 1 Adobe | 1 Photoshop Elements | 2018-10-10 | 6.9 MEDIUM | N/A |
| Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | |||||
| CVE-2009-2564 | 3 Adobe, Corel, Nos Microsystems | 3 Acrobat Reader, Getplus Download Manager, Getplus Download Manager | 2018-10-10 | 7.2 HIGH | N/A |
| NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot. | |||||
| CVE-2009-1872 | 1 Adobe | 1 Coldfusion | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. | |||||
| CVE-2009-1873 | 1 Adobe | 1 Jrun | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. | |||||
| CVE-2009-1869 | 1 Adobe | 3 Air, Flash Player, Flex | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. | |||||
| CVE-2009-1857 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. | |||||
| CVE-2009-1874 | 1 Adobe | 1 Jrun | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1855 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. | |||||
| CVE-2016-7866 | 1 Adobe | 1 Animate | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-0956 | 5 Adobe, Apache, Apple and 2 more | 5 Experience Manager, Sling, Mac Os X and 2 more | 2018-10-09 | 7.8 HIGH | 7.5 HIGH |
| The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8051 | 1 Adobe | 1 Premiere Clip | 2018-10-09 | 10.0 HIGH | N/A |
| The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors. | |||||
| CVE-2015-3269 | 2 Adobe, Hp | 2 Livecycle Data Services, Business Service Management | 2018-10-09 | 5.0 MEDIUM | N/A |
| Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0514 | 1 Adobe | 1 Adobe Reader | 2018-10-09 | 9.3 HIGH | N/A |
| The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. | |||||
| CVE-2011-2122 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119. | |||||
| CVE-2011-0556 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to an unexpected sign extension and an invalid pointer dereference, a different vulnerability than CVE-2011-0569. | |||||
| CVE-2011-0569 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556. | |||||
| CVE-2011-0557 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a "faulty allocation" and memory corruption. | |||||
| CVE-2011-0555 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | |||||
| CVE-2018-5007 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12804 | 1 Adobe | 1 Connect | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. | |||||
| CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5004 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5006 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5008 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4997 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4998 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4999 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4943 | 1 Adobe | 1 Push Notifications | 2018-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app. | |||||