CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2851 CVE-2017-2972 119 Exec Code Overflow Mem. Corr. 2017-01-24 2017-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution.
2852 CVE-2017-2971 119 Exec Code Overflow 2017-01-24 2017-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
2853 CVE-2017-2970 119 Exec Code Overflow 2017-01-24 2017-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution.
2854 CVE-2017-2967 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.
2855 CVE-2017-2966 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.
2856 CVE-2017-2965 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution.
2857 CVE-2017-2964 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.
2858 CVE-2017-2963 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution.
2859 CVE-2017-2962 704 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution.
2860 CVE-2017-2961 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution.
2861 CVE-2017-2960 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution.
2862 CVE-2017-2959 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution.
2863 CVE-2017-2958 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
2864 CVE-2017-2957 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution.
2865 CVE-2017-2956 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution.
2866 CVE-2017-2955 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
2867 CVE-2017-2954 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution.
2868 CVE-2017-2953 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution.
2869 CVE-2017-2952 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution.
2870 CVE-2017-2951 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.
2871 CVE-2017-2950 416 Exec Code 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.
2872 CVE-2017-2949 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
2873 CVE-2017-2948 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.
2874 CVE-2017-2946 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution.
2875 CVE-2017-2945 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.
2876 CVE-2017-2944 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution.
2877 CVE-2017-2943 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution.
2878 CVE-2017-2942 119 Exec Code Overflow 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution.
2879 CVE-2017-2941 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.
2880 CVE-2017-2940 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution.
2881 CVE-2017-2939 119 Exec Code Overflow Mem. Corr. 2017-01-10 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution.
2882 CVE-2017-2937 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
2883 CVE-2017-2936 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
2884 CVE-2017-2935 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
2885 CVE-2017-2934 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
2886 CVE-2017-2933 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
2887 CVE-2017-2932 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
2888 CVE-2017-2931 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
2889 CVE-2017-2930 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
2890 CVE-2017-2928 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
2891 CVE-2017-2927 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
2892 CVE-2017-2926 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
2893 CVE-2017-2925 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
2894 CVE-2017-2917 78 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
2895 CVE-2017-2916 59 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
2896 CVE-2017-2890 78 2017-11-07 2017-11-27
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.
2897 CVE-2017-2883 264 Exec Code 2017-11-07 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
2898 CVE-2017-2872 264 Exec Code 2018-09-17 2018-11-21
9.0
None Remote Low Single system Complete Complete Complete
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
2899 CVE-2017-2866 78 2017-11-07 2017-11-27
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
2900 CVE-2017-2857 119 Overflow 2018-09-17 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.