Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1493

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Apr, 2009 | 20:00
Updated At-07 Aug, 2024 | 05:13
Rejected At-
Credits

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Apr, 2009 | 20:00
Updated At:07 Aug, 2024 | 05:13
Rejected At:
▼CVE Numbering Authority (CNA)

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
x_transferred
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
x_transferred
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
x_transferred
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
x_transferred
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
x_transferred
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Apr, 2009 | 20:30
Updated At:23 Apr, 2026 | 00:35

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Adobe Inc.
adobe
>>reader>>8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>reader>>9.1
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlcve@mitre.org
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://osvdb.org/54129cve@mitre.org
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtcve@mitre.org
Exploit
http://secunia.com/advisories/34924cve@mitre.org
Broken Link
http://secunia.com/advisories/35055cve@mitre.org
Broken Link
http://secunia.com/advisories/35096cve@mitre.org
Broken Link
http://secunia.com/advisories/35152cve@mitre.org
Broken Link
http://secunia.com/advisories/35358cve@mitre.org
Broken Link
http://secunia.com/advisories/35416cve@mitre.org
Broken Link
http://secunia.com/advisories/35734cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1cve@mitre.org
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953cve@mitre.org
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlcve@mitre.org
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180cve@mitre.org
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/34740cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139cve@mitre.org
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1317cve@mitre.org
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146cve@mitre.org
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570cve@mitre.org
Third Party Advisory
VDB Entry
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://osvdb.org/54129af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/34924af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35055af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35096af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35152af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35358af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35416af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35734af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/34740af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/1317af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

589Records found
CVE-2016-0935
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.75% / 88.18%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted ExtGState dictionary.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CVE-2016-0943
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.14% / 84.43%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CVE-2016-0939
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.92% / 86.57%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0932
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.21% / 87.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the Doc object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CVE-2016-0941
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.21% / 87.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0940.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CVE-2016-0934
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.21% / 87.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2016-0932, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CVE-2015-7618
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 78.16%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-7614
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.00% / 77.19%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions and execute arbitrary commands via an app.launchURL call, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-6698
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 81.38%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the AcroForm implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6696.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-6694
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.79%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the fillColor attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6695, and CVE-2015-7622.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6718
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-6685
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.79%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6690
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.30% / 79.95%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-6696
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 81.38%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6698.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-6688
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.30% / 79.95%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-6697
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.69% / 82.46%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object's RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-6719
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-6712
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ANSendApprovalToAuthorEnabled method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-6711
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-5106
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 59.71%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-5111
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.51% / 81.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-5110
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-2.80% / 86.29%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-5109
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 78.67%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5108.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-5085
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 75.67%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-5113
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.51% / 81.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-4491
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.69% / 88.09%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Action-Not Available
Vendor-n/aCanonical Ltd.The GNOME ProjectopenSUSEGoogle LLCOracle CorporationLinux Kernel Organization, IncMozilla CorporationFedora Project
Product-gdk-pixbuffirefoxubuntu_linuxsolarisfedorachromelinux_kernelopensusen/a
CVE-2015-4441
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 75.67%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-3096
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.42% / 62.26%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xair_sdk_\&_compilerwindowsflash_playerair_sdkandroidairlinux_kerneln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39832
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.05% / 89.88%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-23 Apr, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-framemakerwindowsFrameMaker
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0797
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.61% / 91.95%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Action-Not Available
Vendor-gstreamern/aLinux Kernel Organization, IncSUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxdebian_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopgstreamerlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_kernellinux_enterprise_software_development_kitn/a
CVE-2015-1234
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 83.94%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-chromewindowslinux_kernelmacosn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-9751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.84% / 89.64%
||
7 Day CHG~0.00%
Published-04 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Action-Not Available
Vendor-ntpn/aApple Inc.Oracle CorporationLinux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopntplinuxmacoslinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7870
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.05% / 77.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7868
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.05% / 77.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 71.50%
||
7 Day CHG+0.18%
Published-03 Mar, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."

Action-Not Available
Vendor-edinburghtourn/aAdobe Inc.
Product-edinburgh_by_busphonegapn/a
CVE-2016-7879
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.23%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2014-0570
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-7878
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.23%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2013-6645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.41% / 80.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxmac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2016-7885
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.18% / 78.99%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager 6.2 and earlier
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-2977
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-17.07% / 95.08%
||
7 Day CHG~0.00%
Published-10 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernellotus_notesn/a
CVE-2015-6722
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewStatusDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-6720
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ANRunSharedReviewEmailStep method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2021-30565
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.30%
||
7 Day CHG-0.00%
Published-03 Aug, 2021 | 19:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectLinux Kernel Organization, Inc
Product-chromechrome_osfedoralinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0625
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-78.34% / 99.05%
||
7 Day CHG~0.00%
Published-09 Jan, 2013 | 01:00
Updated-21 Apr, 2026 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-07||Apply updates per vendor instructions.

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

Action-Not Available
Vendor-opengroupn/aMicrosoft CorporationAdobe Inc.Apple Inc.
Product-windowsmac_os_xunixcoldfusionn/aColdFusion
CWE ID-CWE-287
Improper Authentication
CVE-2013-0900
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.93% / 76.39%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxmac_os_xwindowschromelinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-0889
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.29% / 79.92%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2013-0893
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.44% / 63.28%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-0543
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.61%
||
7 Day CHG~0.00%
Published-24 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationSun Microsystems (Oracle Corporation)Linux Kernel Organization, IncHP Inc.
Product-websphere_application_serverhp-uxlinux_kernelsunosn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-29667
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.31% / 54.51%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 16:32
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scalelinux_kernelSpectrum Scale
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 11
  • 12
  • Next
Details not found