CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8442 264 2014-11-11 2014-11-12
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.
2 CVE-2014-1884 264 Bypass 2014-03-02 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
3 CVE-2014-1883 264 Bypass 2014-03-02 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
4 CVE-2014-1882 264 Bypass 2014-03-02 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
5 CVE-2014-1881 264 Bypass 2014-03-02 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
6 CVE-2014-0583 119 Overflow 2014-11-11 2014-11-12
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.
7 CVE-2014-0563 119 DoS Overflow Mem. Corr. 2014-09-17 2014-09-17
7.8
None Remote Low Not required None None Complete
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
8 CVE-2014-0548 264 Bypass 2014-09-09 2014-11-13
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
9 CVE-2014-0539 264 Bypass 2014-07-09 2014-08-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.
10 CVE-2014-0537 264 Bypass 2014-07-09 2014-08-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.
11 CVE-2014-0535 264 Bypass 2014-06-11 2014-08-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.
12 CVE-2014-0534 264 Bypass 2014-06-11 2014-08-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.
13 CVE-2014-0520 264 Bypass 2014-05-14 2014-06-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.
14 CVE-2014-0519 264 Bypass 2014-05-14 2014-06-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.
15 CVE-2014-0518 264 Bypass 2014-05-14 2014-06-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.
16 CVE-2014-0517 264 Bypass 2014-05-14 2014-06-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.
17 CVE-2014-0516 264 Bypass 2014-05-14 2014-06-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
18 CVE-2014-0499 264 Bypass 2014-02-21 2014-06-21
7.8
None Remote Low Not required Complete None None
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
19 CVE-2013-5328 264 2013-11-12 2013-11-13
7.8
None Remote Low Not required Complete None None
Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.
20 CVE-2013-2550 Bypass 2013-03-11 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
21 CVE-2013-2549 94 Exec Code 2013-03-11 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
22 CVE-2013-1388 2013-04-09 2013-04-10
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.
23 CVE-2013-1387 2013-04-09 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.
24 CVE-2013-0627 +Priv 2013-01-10 2013-11-02
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
25 CVE-2012-6637 20 Bypass 2014-03-02 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.
26 CVE-2012-5679 119 Exec Code Overflow 2012-12-13 2012-12-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
27 CVE-2012-5674 DoS 2012-11-20 2013-05-02
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.
28 CVE-2012-4162 119 DoS Exec Code Overflow Mem. Corr. 2012-08-15 2012-08-15
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161.
29 CVE-2012-4161 119 DoS Exec Code Overflow Mem. Corr. 2012-08-15 2012-08-15
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162.
30 CVE-2012-2040 +Priv 2012-06-08 2012-06-20
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.
31 CVE-2012-0777 119 DoS Exec Code Overflow Mem. Corr. 2012-04-10 2013-02-14
7.5
None Remote Low Not required Partial Partial Partial
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
32 CVE-2011-4374 189 Exec Code Overflow 2012-01-19 2013-11-15
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
33 CVE-2011-4373 DoS Exec Code Mem. Corr. 2012-01-10 2012-02-01
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
34 CVE-2011-4372 DoS Exec Code Mem. Corr. 2012-01-10 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
35 CVE-2011-4371 DoS Exec Code Mem. Corr. 2012-01-10 2012-02-01
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
36 CVE-2011-4370 DoS Exec Code Mem. Corr. 2012-01-10 2012-02-01
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.
37 CVE-2010-2861 22 Dir. Trav. 2010-08-11 2013-09-23
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
38 CVE-2009-3951 200 +Info 2009-12-10 2010-08-21
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
39 CVE-2009-2564 264 1 +Priv 2009-07-21 2010-12-01
7.2
Admin Local Low Not required Complete Complete Complete
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
40 CVE-2009-1365 2009-05-01 2009-05-19
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.
41 CVE-2008-5331 310 2008-12-04 2008-12-05
7.5
User Remote Low Not required Partial Partial Partial
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.
42 CVE-2008-4831 264 +Priv Bypass +Info 2008-11-10 2009-01-06
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.
43 CVE-2008-4820 200 +Info 2008-11-10 2012-10-30
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
44 CVE-2008-4815 264 +Priv 2008-11-05 2012-11-05
7.5
User Remote Low Not required Partial Partial Partial
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
45 CVE-2008-1656 264 2008-04-09 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
46 CVE-2008-1203 2008-03-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
47 CVE-2007-2682 Bypass 2007-05-18 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.
48 CVE-2007-1874 Exec Code +Info 2007-04-11 2008-11-13
7.2
Admin Local Low Not required Complete Complete Complete
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
49 CVE-2007-1279 +Priv 2007-04-11 2011-03-28
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.
50 CVE-2007-0046 Exec Code 2007-01-03 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
Total number of vulnerabilities : 66   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.