CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-3053 125 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.
2 CVE-2017-3052 125 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format.
3 CVE-2017-3046 125 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.
4 CVE-2017-3045 125 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.
5 CVE-2017-3043 200 +Info 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.
6 CVE-2017-3033 125 2017-04-12 2017-04-19
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.
7 CVE-2017-3032 125 2017-04-12 2017-04-19
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
8 CVE-2017-3031 125 2017-04-12 2017-04-19
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.
9 CVE-2017-3029 119 Overflow 2017-04-12 2017-04-19
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.
10 CVE-2017-3022 125 2017-04-12 2017-04-19
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.
11 CVE-2017-3021 125 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.
12 CVE-2017-3020 119 Overflow 2017-04-12 2017-04-18
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.
13 CVE-2017-3007 426 2017-04-12 2017-04-20
4.6
None Local Low Not required Partial Partial Partial
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
14 CVE-2017-2969 79 XSS 2017-02-15 2017-02-28
4.3
None Remote Medium Not required None Partial None
Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.
15 CVE-2017-2947 20 Bypass 2017-01-10 2017-01-17
4.3
None Remote Medium Not required None Partial None
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF).
16 CVE-2017-2929 79 Exec Code XSS 2017-01-24 2017-01-26
4.3
None Remote Medium Not required None Partial None
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.
17 CVE-2016-7891 79 XSS 2016-12-15 2016-12-22
4.3
None Remote Medium Not required None Partial None
Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.
18 CVE-2016-7884 79 XSS 2016-12-15 2016-12-21
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.
19 CVE-2016-7883 79 XSS 2016-12-15 2016-12-21
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.
20 CVE-2016-7882 79 XSS 2016-12-15 2016-12-21
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.
21 CVE-2016-7851 79 XSS 2016-11-08 2016-11-28
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
22 CVE-2016-6934 79 XSS 2016-12-15 2016-12-23
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.
23 CVE-2016-6933 79 XSS 2016-12-15 2016-12-22
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
24 CVE-2016-4247 362 +Info 2016-07-12 2016-11-28
4.3
None Remote Medium Not required Partial None None
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
25 CVE-2016-4170 79 XSS 2016-08-09 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
26 CVE-2016-4168 79 XSS 2016-08-09 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
27 CVE-2016-4164 79 XSS 2016-06-16 2016-06-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28 CVE-2016-4159 79 XSS 2016-06-16 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29 CVE-2016-1113 79 XSS 2016-05-10 2016-11-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30 CVE-2016-1036 79 XSS 2016-04-22 2016-12-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
31 CVE-2016-0955 79 XSS 2016-02-10 2016-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
32 CVE-2015-8453 200 Bypass +Info 2015-12-10 2017-02-16
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass the ASLR protection mechanism via JIT data, a different vulnerability than CVE-2015-8409 and CVE-2015-8440.
33 CVE-2015-8053 79 XSS 2015-11-18 2016-12-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.
34 CVE-2015-8052 79 XSS 2015-11-18 2016-12-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.
35 CVE-2015-6704 200 +Info 2015-10-14 2016-12-07
4.3
None Remote Medium Not required Partial None None
The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6703.
36 CVE-2015-6703 200 +Info 2015-10-14 2016-12-07
4.3
None Remote Medium Not required Partial None None
The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6704.
37 CVE-2015-6702 200 +Info 2015-10-14 2016-12-07
4.3
None Remote Medium Not required Partial None None
The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6703, and CVE-2015-6704.
38 CVE-2015-6701 200 +Info 2015-10-14 2016-12-09
4.3
None Remote Medium Not required Partial None None
The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.
39 CVE-2015-6699 200 +Info 2015-10-14 2016-12-09
4.3
None Remote Medium Not required Partial None None
The addForegroundSprite function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.
40 CVE-2015-6697 200 +Info 2015-10-14 2016-12-07
4.3
None Remote Medium Not required Partial None None
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object's RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.
41 CVE-2015-5583 200 Bypass +Info 2015-10-14 2016-12-07
4.3
None Remote Medium Not required Partial None None
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624.
42 CVE-2015-5571 352 +Info CSRF 2015-09-22 2017-02-16
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333.
43 CVE-2015-5255 20 2015-11-18 2016-12-07
4.3
None Remote Medium Not required None Partial None
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
44 CVE-2015-3101 264 2015-06-09 2016-12-30
4.3
None Remote Medium Not required None Partial None
The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors.
45 CVE-2015-3081 362 Bypass 2015-05-13 2017-01-02
4.3
None Remote Medium Not required None Partial None
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors.
46 CVE-2015-0345 79 XSS 2015-04-15 2017-01-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
47 CVE-2015-0344 79 XSS 2015-06-13 2016-12-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2015-0343 79 XSS 2015-06-13 2016-12-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
49 CVE-2014-5333 352 +Info CSRF 2014-08-19 2017-01-06
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.
50 CVE-2014-5315 79 XSS 2014-09-26 2017-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 155   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.