CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-4994 200 Bypass +Info 2018-05-19 2018-07-11
5.0
None Remote Low Not required Partial None None
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
2 CVE-2018-4992 20 2018-05-19 2018-06-25
4.6
None Local Low Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.
3 CVE-2018-4991 295 Bypass 2018-05-19 2018-06-25
7.5
None Remote Low Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.
4 CVE-2018-4990 415 Exec Code 2018-07-09 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
5 CVE-2018-4944 704 Exec Code 2018-05-19 2018-06-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
6 CVE-2018-4943 20 Exec Code 2018-05-19 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.
7 CVE-2018-4942 611 2018-05-19 2018-06-27
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
8 CVE-2018-4941 79 XSS 2018-05-19 2018-06-27
4.3
None Remote Medium Not required None Partial None
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
9 CVE-2018-4940 79 XSS 2018-05-19 2018-06-27
4.3
None Remote Medium Not required None Partial None
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
10 CVE-2018-4939 502 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
11 CVE-2018-4938 264 2018-05-19 2018-06-27
4.6
None Local Low Not required Partial Partial Partial
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
12 CVE-2018-4937 787 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
13 CVE-2018-4936 119 Overflow 2018-05-19 2018-06-27
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
14 CVE-2018-4935 787 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
15 CVE-2018-4934 125 2018-05-19 2018-06-27
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
16 CVE-2018-4933 125 2018-05-19 2018-07-02
4.0
None Remote Low Single system Partial None None
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
17 CVE-2018-4932 416 Exec Code 2018-05-19 2018-07-02
9.0
None Remote Low Single system Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
18 CVE-2018-4931 79 XSS 2018-05-19 2018-06-22
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
19 CVE-2018-4930 79 XSS 2018-05-19 2018-06-22
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
20 CVE-2018-4929 79 XSS 2018-05-19 2018-06-22
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
21 CVE-2018-4928 119 Exec Code Overflow Mem. Corr. 2018-05-19 2018-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
22 CVE-2018-4927 426 2018-05-19 2018-06-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
23 CVE-2018-4926 119 Overflow 2018-05-19 2018-06-22
4.3
None Remote Medium Not required Partial None None
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.
24 CVE-2018-4925 125 2018-05-19 2018-06-22
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25 CVE-2018-4924 78 Exec Code 2018-05-19 2018-06-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
26 CVE-2018-4923 78 2018-05-19 2018-06-22
6.4
None Remote Low Not required None Partial Partial
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
27 CVE-2018-4921 79 XSS 2018-05-19 2018-06-22
4.3
None Remote Medium Not required None Partial None
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
28 CVE-2018-4920 704 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
29 CVE-2018-4919 416 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
30 CVE-2018-4918 787 Exec Code 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
31 CVE-2018-4917 119 Exec Code Overflow 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
32 CVE-2018-4916 787 Exec Code 2018-02-27 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
33 CVE-2018-4915 787 Exec Code 2018-02-27 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
34 CVE-2018-4914 125 2018-02-27 2018-03-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.
35 CVE-2018-4913 416 Exec Code 2018-02-27 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.
36 CVE-2018-4912 125 2018-02-27 2018-03-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.
37 CVE-2018-4911 416 2018-02-27 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
38 CVE-2018-4910 119 Overflow 2018-02-27 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
39 CVE-2018-4909 125 2018-02-27 2018-03-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.
40 CVE-2018-4908 125 2018-02-27 2018-03-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.
41 CVE-2018-4907 125 2018-02-27 2018-03-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.
42 CVE-2018-4906 125 2018-02-27 2018-03-17
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure.
43 CVE-2018-4905 125 2018-02-27 2018-03-19
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.
44 CVE-2018-4904 119 Exec Code Overflow 2018-02-27 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
45 CVE-2018-4903 125 2018-02-27 2018-03-19
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.
46 CVE-2018-4902 416 Exec Code 2018-02-27 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.
47 CVE-2018-4901 787 Exec Code 2018-02-27 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
48 CVE-2018-4900 125 2018-02-27 2018-03-19
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure.
49 CVE-2018-4899 125 2018-02-27 2018-03-19
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.
50 CVE-2018-4898 787 Exec Code 2018-02-27 2018-03-19
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Total number of vulnerabilities : 2571   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.