Filtered by vendor Adobe
Subscribe
Total
6925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6243 | 1 Adobe | 1 Flash Player | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | |||||
| CVE-2008-4823 | 1 Adobe | 1 Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. | |||||
| CVE-2009-1493 | 2 Adobe, Linux | 2 Reader, Linux Kernel | 2025-04-09 | 6.8 MEDIUM | N/A |
| The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. | |||||
| CVE-2009-2992 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 4.3 MEDIUM | N/A |
| An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-1860 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. | |||||
| CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | |||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | |||||
| CVE-2009-3462 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 5.1 MEDIUM | N/A |
| Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." | |||||
| CVE-2009-2998 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. | |||||
| CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | |||||
| CVE-2007-4324 | 1 Adobe | 1 Flash Player | 2025-04-09 | 5.0 MEDIUM | N/A |
| ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. | |||||
| CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.5 HIGH | N/A |
| Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | |||||
| CVE-2009-3459 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3961 | 1 Adobe | 1 Illustrator | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. | |||||
| CVE-2007-2365 | 1 Adobe | 4 Golive, Illustrator, Photoshop and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | |||||
| CVE-2006-6027 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | |||||
| CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | |||||
| CVE-2008-0644 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | |||||
| CVE-2009-3958 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. | |||||