# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
9051 |
CVE-2018-15997 |
125 |
|
|
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9052 |
CVE-2018-15996 |
125 |
|
|
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9053 |
CVE-2018-15995 |
190 |
|
Overflow |
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. |
9054 |
CVE-2018-15989 |
125 |
|
|
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9055 |
CVE-2018-15986 |
190 |
|
Overflow |
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. |
9056 |
CVE-2018-15985 |
125 |
|
|
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9057 |
CVE-2018-15984 |
125 |
|
|
2019-01-18 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9058 |
CVE-2018-15980 |
125 |
|
|
2018-11-29 |
2018-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9059 |
CVE-2018-15979 |
200 |
|
+Info |
2018-11-29 |
2019-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. |
9060 |
CVE-2018-15978 |
125 |
|
|
2018-11-29 |
2018-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9061 |
CVE-2018-15976 |
427 |
|
|
2018-10-17 |
2018-12-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
9062 |
CVE-2018-15974 |
426 |
|
|
2018-10-17 |
2018-12-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
9063 |
CVE-2018-15973 |
79 |
|
XSS |
2018-10-17 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
9064 |
CVE-2018-15972 |
79 |
|
XSS |
2018-10-17 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
9065 |
CVE-2018-15971 |
79 |
|
XSS |
2018-10-17 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
9066 |
CVE-2018-15970 |
79 |
|
XSS |
2018-10-17 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
9067 |
CVE-2018-15969 |
79 |
|
XSS |
2018-10-17 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
9068 |
CVE-2018-15968 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9069 |
CVE-2018-15967 |
200 |
|
+Info |
2018-09-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. |
9070 |
CVE-2018-15964 |
200 |
|
+Info |
2018-09-25 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. |
9071 |
CVE-2018-15963 |
|
|
Bypass |
2018-09-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. |
9072 |
CVE-2018-15962 |
200 |
|
+Info |
2018-09-25 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. |
9073 |
CVE-2018-15960 |
20 |
|
|
2018-09-25 |
2018-11-16 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. |
9074 |
CVE-2018-15956 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9075 |
CVE-2018-15953 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9076 |
CVE-2018-15950 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9077 |
CVE-2018-15949 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9078 |
CVE-2018-15948 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9079 |
CVE-2018-15947 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9080 |
CVE-2018-15946 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9081 |
CVE-2018-15943 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9082 |
CVE-2018-15942 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9083 |
CVE-2018-15932 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9084 |
CVE-2018-15927 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9085 |
CVE-2018-15926 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9086 |
CVE-2018-15925 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9087 |
CVE-2018-15923 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9088 |
CVE-2018-15922 |
125 |
|
|
2018-10-12 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
9089 |
CVE-2018-15919 |
200 |
|
+Info |
2018-08-28 |
2018-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' |
9090 |
CVE-2018-15918 |
89 |
|
Sql |
2018-09-05 |
2018-11-05 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. |
9091 |
CVE-2018-15917 |
79 |
|
XSS |
2018-09-05 |
2018-10-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. |
9092 |
CVE-2018-15913 |
79 |
|
XSS |
2019-06-20 |
2019-06-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter. |
9093 |
CVE-2018-15911 |
119 |
|
Exec Code Overflow |
2018-08-28 |
2019-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. |
9094 |
CVE-2018-15910 |
704 |
|
Exec Code |
2018-08-27 |
2019-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. |
9095 |
CVE-2018-15909 |
704 |
|
Exec Code |
2018-08-27 |
2019-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. |
9096 |
CVE-2018-15908 |
|
|
Bypass |
2018-08-27 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. |
9097 |
CVE-2018-15907 |
400 |
|
DoS |
2018-08-29 |
2019-10-02 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. |
9098 |
CVE-2018-15903 |
79 |
|
XSS |
2018-10-08 |
2018-11-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. |
9099 |
CVE-2018-15901 |
352 |
|
CSRF |
2018-08-28 |
2018-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |
9100 |
CVE-2018-15899 |
79 |
|
XSS |
2018-08-27 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. |