| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3336 | | | | 2013-05-09 | 2013-05-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. |
| 2 | CVE-2013-2737 | 200 | | +Info | 2013-05-16 | 2013-05-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors. |
| 3 | CVE-2013-0637 | 200 | | +Info | 2013-02-12 | 2013-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. |
| 4 | CVE-2013-0631 | 200 | | +Info | 2013-01-08 | 2013-01-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. |
| 5 | CVE-2012-4171 | | | DoS | 2012-08-31 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. |
| 6 | CVE-2012-2048 | | | DoS | 2012-09-12 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. |
| 7 | CVE-2012-2038 | 264 | | Bypass +Info | 2012-06-08 | 2012-06-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. |
| 8 | CVE-2012-0770 | | | DoS | 2012-03-13 | 2012-03-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
| 9 | CVE-2012-0769 | 189 | | +Info | 2012-03-05 | 2012-12-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. |
| 10 | CVE-2011-2429 | 264 | | Bypass +Info | 2011-09-21 | 2012-05-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." |
| 11 | CVE-2011-2132 | 119 | | DoS Overflow Mem. Corr. | 2011-08-11 | 2011-10-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors. |
| 12 | CVE-2011-2093 | 20 | | DoS | 2011-06-16 | 2011-09-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." |
| 13 | CVE-2011-2091 | | | DoS | 2011-06-16 | 2011-09-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors. |
| 14 | CVE-2011-0737 | 200 | | +Info | 2011-02-01 | 2011-11-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. |
| 15 | CVE-2011-0612 | 399 | | DoS | 2011-05-16 | 2011-05-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors. |
| 16 | CVE-2011-0582 | | | +Info | 2011-02-10 | 2011-02-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors. |
| 17 | CVE-2011-0579 | 200 | | +Info | 2011-05-13 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. |
| 18 | CVE-2010-3634 | | | DoS | 2010-11-09 | 2011-07-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors. |
| 19 | CVE-2010-3633 | 399 | | DoS | 2010-11-09 | 2011-07-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 20 | CVE-2010-2865 | | | DoS | 2010-08-26 | 2011-07-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors. |
| 21 | CVE-2010-2220 | | | DoS | 2010-08-11 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to an "input validation issue." |
| 22 | CVE-2010-2219 | 399 | | DoS | 2010-08-11 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors. |
| 23 | CVE-2010-2218 | | | DoS | 2010-08-11 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a "JS method issue." |
| 24 | CVE-2010-0185 | 264 | | +Info | 2010-02-03 | 2010-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. |
| 25 | CVE-2009-3957 | | | DoS | 2010-01-13 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. |
| 26 | CVE-2009-3791 | | | DoS | 2009-12-21 | 2009-12-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors. |
| 27 | CVE-2009-3462 | | | Exec Code | 2009-10-19 | 2010-08-21 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." |
| 28 | CVE-2009-3431 | 119 | | DoS Overflow | 2009-09-25 | 2010-11-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information. |
| 29 | CVE-2009-1876 | | | +Info | 2009-08-18 | 2009-08-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." |
| 30 | CVE-2009-0114 | | | | 2009-02-26 | 2010-08-21 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." |
| 31 | CVE-2008-5109 | 16 | | | 2008-11-25 | 2008-11-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. |
| 32 | CVE-2008-4071 | 20 | 1 | DoS | 2008-09-15 | 2009-01-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. |
| 33 | CVE-2008-0644 | | | XSS Bypass | 2008-03-11 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. |
| 34 | CVE-2007-6245 | 119 | | Overflow | 2007-12-19 | 2010-08-21 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. |
| 35 | CVE-2007-5275 | 20 | | | 2007-10-08 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. |
| 36 | CVE-2007-4651 | 264 | | | 2007-09-11 | 2008-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. |
| 37 | CVE-2007-4324 | 264 | | Bypass +Info | 2007-08-13 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. |
| 38 | CVE-2007-1377 | | 1 | DoS | 2007-03-09 | 2008-11-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial | AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. |
| 39 | CVE-2007-0048 | | | DoS XSS | 2007-01-03 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." |
| 40 | CVE-2006-6482 | | | +Info | 2006-12-12 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. |
| 41 | CVE-2006-5858 | 20 | | | 2006-12-31 | 2011-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. |
| 42 | CVE-2006-5330 | 79 | | XSS | 2006-10-17 | 2010-08-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. |
| 43 | CVE-2006-5200 | | | | 2006-10-10 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing." |
| 44 | CVE-2006-4724 | | | DoS | 2006-09-13 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. |
| 45 | CVE-2006-3587 | | | Exec Code | 2006-07-13 | 2008-09-05 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. |
| 46 | CVE-2006-3453 | | | Exec Code Overflow | 2006-07-13 | 2008-09-05 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. |
| 47 | CVE-2006-3311 | | | Exec Code Overflow | 2006-09-12 | 2008-09-05 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. |
| 48 | CVE-2005-1625 | | | Exec Code Overflow | 2005-07-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. |
| 49 | CVE-2005-1306 | | | | 2005-06-15 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability." |
| 50 | CVE-2005-0918 | | | | 2005-05-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. |