Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1493

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Apr, 2009 | 20:00
Updated At-07 Aug, 2024 | 05:13
Rejected At-
Credits

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Apr, 2009 | 20:00
Updated At:07 Aug, 2024 | 05:13
Rejected At:
▼CVE Numbering Authority (CNA)

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
x_transferred
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
x_transferred
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
x_transferred
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
x_transferred
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
x_transferred
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Apr, 2009 | 20:30
Updated At:23 Apr, 2026 | 00:35

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Adobe Inc.
adobe
>>reader>>8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>reader>>9.1
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlcve@mitre.org
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://osvdb.org/54129cve@mitre.org
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtcve@mitre.org
Exploit
http://secunia.com/advisories/34924cve@mitre.org
Broken Link
http://secunia.com/advisories/35055cve@mitre.org
Broken Link
http://secunia.com/advisories/35096cve@mitre.org
Broken Link
http://secunia.com/advisories/35152cve@mitre.org
Broken Link
http://secunia.com/advisories/35358cve@mitre.org
Broken Link
http://secunia.com/advisories/35416cve@mitre.org
Broken Link
http://secunia.com/advisories/35734cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1cve@mitre.org
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953cve@mitre.org
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlcve@mitre.org
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180cve@mitre.org
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/34740cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139cve@mitre.org
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1317cve@mitre.org
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146cve@mitre.org
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570cve@mitre.org
Third Party Advisory
VDB Entry
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://osvdb.org/54129af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/34924af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35055af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35096af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35152af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35358af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35416af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35734af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/34740af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/1317af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

589Records found
CVE-2019-19449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.50%
||
7 Day CHG~0.00%
Published-08 Dec, 2019 | 01:14
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19447
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.69% / 82.46%
||
7 Day CHG~0.00%
Published-08 Dec, 2019 | 00:48
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelcloud_backupactive_iq_unified_managerhci_baseboard_management_controllerdata_availability_servicessolidfire_baseboard_management_controllersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-416
Use After Free
CVE-2010-0186
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-2.92% / 86.59%
||
7 Day CHG~0.00%
Published-15 Feb, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readerflash_playeradobe_airn/a
CVE-2019-12172
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 67.66%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 22:30
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.

Action-Not Available
Vendor-typoran/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowstyporalinux_kernelmac_os_xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-0798
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0799
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.48% / 65.38%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-0796
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.72% / 72.71%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0797
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.72% / 72.71%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-11229
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.53% / 91.23%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CVE-2022-0791
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.69%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2017-11263
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.40% / 85.26%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7872
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.23%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2016-7871
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.83% / 86.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7890
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-0.40% / 61.09%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CVE-2016-7875
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.83% / 86.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-4901
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-20.06% / 95.57%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_dcacrobat_readeracrobat_reader_dcacrobatAdobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7869
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.05% / 77.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7867
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.05% / 77.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5198
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-78.66% / 99.06%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-21 Apr, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncApple Inc.Red Hat, Inc.Google LLC
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and MacChromium V8
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46816
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.74% / 82.72%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:19
Updated-23 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution

Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowspremiere_promacosPremiere
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46818
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-9.78% / 93.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:09
Updated-23 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46817
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.84% / 88.33%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:15
Updated-23 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4224
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.39% / 90.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2016-4196
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 83.78%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4199
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 83.78%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4195
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.31% / 87.40%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4225
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.39% / 90.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2016-3707
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.79% / 82.98%
||
7 Day CHG~0.00%
Published-27 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncNovell
Product-enterprise_linux_for_real_timelinux_kernel-rtsuse_linux_enterprise_real_time_extensionenterprise_linux_for_real_time_for_nfvn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-4198
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 83.78%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4223
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.39% / 90.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2016-4200
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 83.78%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-3933
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.76%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 16:00
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method.

Action-Not Available
Vendor-antennahouseAntenna HouseLinux Kernel Organization, Inc
Product-linux_kerneloffice_server_document_converterAntenna House
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45055
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.02% / 83.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-23 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-4819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-28.53% / 96.59%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CVE-2021-45056
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.58% / 81.80%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-23 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-5108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.43% / 90.26%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-adobe_airn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-45068
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.90%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4910
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.52% / 92.48%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_dcacrobat_readeracrobat_reader_dcacrobatAdobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45053
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.23% / 79.39%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-23 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45058
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.23% / 79.39%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-23 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44701
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-18.04% / 95.26%
||
7 Day CHG-4.60%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2016-4222
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.70% / 92.01%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osn/a
CWE ID-CWE-416
Use After Free
CVE-2021-45064
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-12.68% / 94.07%
||
7 Day CHG-3.57%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-45057
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.23% / 79.39%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-23 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-1201
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.20% / 92.81%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flashn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-0629
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-42737
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.81% / 88.25%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:23
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42735
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.89% / 83.42%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:45
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop Memory Corruption could lead to Arbitrary code execution

Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-43755
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.57% / 81.74%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:50
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Memory Corruption could lead to Arbitrary Code Execution

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.28%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found