Filtered by vendor Adobe
Subscribe
Search
Total
4765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1886 | 2 Adobe, Edinburghtour | 2 Phonegap, Edinburgh By Bus | 2014-03-07 | 6.8 MEDIUM | N/A |
| The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites." | |||||
| CVE-2014-1885 | 2 Adobe, Hsgroup | 2 Phonegap, Forzearmate | 2014-03-07 | 6.4 MEDIUM | N/A |
| The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain. | |||||
| CVE-2012-6637 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring. | |||||
| CVE-2014-1881 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. | |||||
| CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2014-03-03 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | |||||
| CVE-2014-1883 | 1 Adobe | 1 Phonegap | 2014-03-03 | 7.5 HIGH | N/A |
| Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | |||||
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | |||||
| CVE-2013-1376 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2014-02-21 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621. | |||||
| CVE-2013-3349 | 1 Adobe | 1 Coldfusion | 2014-01-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2014-01-17 | 10.0 HIGH | N/A |
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | |||||
| CVE-2013-5334 | 1 Adobe | 1 Shockwave Player | 2013-12-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333. | |||||
| CVE-2013-5333 | 1 Adobe | 1 Shockwave Player | 2013-12-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334. | |||||
| CVE-2012-5272 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-11-25 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. | |||||
| CVE-2013-3336 | 1 Adobe | 1 Coldfusion | 2013-11-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2013-5327 | 1 Adobe | 1 Robohelp | 2013-10-10 | 10.0 HIGH | N/A |
| MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2010-2861 | 1 Adobe | 1 Coldfusion | 2013-09-24 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. | |||||
| CVE-2013-3360 | 1 Adobe | 1 Shockwave Player | 2013-09-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359. | |||||
| CVE-2013-3359 | 1 Adobe | 1 Shockwave Player | 2013-09-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3360. | |||||
| CVE-2013-3347 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. | |||||
| CVE-2013-3345 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-3348 | 1 Adobe | 1 Shockwave Player | 2013-08-20 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-1377 | 1 Adobe | 1 Digital Editions | 2013-07-31 | 10.0 HIGH | N/A |
| Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-0636 | 1 Adobe | 1 Shockwave Player | 2013-05-04 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-0635 | 1 Adobe | 1 Shockwave Player | 2013-05-04 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-4170 | 1 Adobe | 1 Photoshop Cs6 | 2013-04-19 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2013-1385 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||
| CVE-2013-1386 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1384. | |||||
| CVE-2013-1384 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386. | |||||
| CVE-2013-1383 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-0630 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-03-06 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5273 | 1 Adobe | 1 Shockwave Player | 2013-03-02 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175. | |||||
| CVE-2013-0625 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0629 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 4.3 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0631 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2012-5680 | 1 Adobe | 1 Camera Raw | 2012-12-17 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5679 | 1 Adobe | 1 Camera Raw | 2012-12-13 | 7.5 HIGH | N/A |
| Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5675 | 1 Adobe | 1 Coldfusion | 2012-12-12 | 4.4 MEDIUM | N/A |
| Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | |||||
| CVE-2008-5108 | 1 Adobe | 1 Adobe Air | 2012-10-31 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. | |||||
| CVE-2012-2042 | 1 Adobe | 2 Illustrator, Illustrator Cs5.5 | 2012-09-29 | 10.0 HIGH | N/A |
| Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. | |||||
| CVE-2010-5258 | 1 Adobe | 1 Audition | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5270 | 1 Adobe | 1 Device Central Cs4 | 2012-09-07 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the current working directory, as demonstrated by a directory that contains a .adcp file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5212 | 1 Adobe | 1 Livecycle Designer Es2 | 2012-09-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-4162 | 2 Adobe, Apple | 3 Acrobat, Acrobat Reader, Mac Os X | 2012-08-15 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161. | |||||
| CVE-2012-2044 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-2045 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-2047 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046. | |||||
| CVE-2012-2046 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2047. | |||||
| CVE-2012-2043 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-4161 | 2 Adobe, Apple | 3 Acrobat, Acrobat Reader, Mac Os X | 2012-08-15 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162. | |||||
| CVE-2012-2041 | 1 Adobe | 1 Coldfusion | 2012-06-13 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||