Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7106

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-23 May, 2019 | 15:43
Updated At-04 Aug, 2024 | 20:38
Rejected At-
Credits

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:23 May, 2019 | 15:43
Updated At:04 Aug, 2024 | 20:38
Rejected At:
▼CVE Numbering Authority (CNA)

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Products
Vendor
Adobe Inc.Adobe
Product
Adobe XD
Versions
Affected
  • 16.0 and earlier versions
Problem Types
TypeCWE IDDescription
textN/APath traversal
Type: text
CWE ID: N/A
Description: Path traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/xd/apsb19-22.html
x_refsource_CONFIRM
Hyperlink: https://helpx.adobe.com/security/products/xd/apsb19-22.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/xd/apsb19-22.html
x_refsource_CONFIRM
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/xd/apsb19-22.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:23 May, 2019 | 16:29
Updated At:24 May, 2019 | 11:09

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>xd>>Versions up to 16.0(inclusive)
cpe:2.3:a:adobe:xd:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>-
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/xd/apsb19-22.htmlpsirt@adobe.com
Patch
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/xd/apsb19-22.html
Source: psirt@adobe.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1766Records found
CVE-2009-3792
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-0.40% / 60.87%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_media_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-8074
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.73% / 91.96%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 15:20
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionCold Fusion
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7105
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.65% / 96.46%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:42
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.
Product-xdmac_os_xAdobe XD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3805
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-33.73% / 96.97%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:27
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2018-15958
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.88% / 96.76%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-16040
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2018-15982
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-93.61% / 99.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-17 Nov, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-15||The impacted product is end-of-life and should be disconnected if still in use.

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.Red Hat, Inc.Microsoft CorporationAdobe Inc.Linux Kernel Organization, Inc
Product-enterprise_linux_serverchrome_osenterprise_linux_desktopwindows_10flash_player_installerwindowslinux_kernelflash_playerwindows_8.1enterprise_linux_workstationmac_os_xn/aFlash Player
CWE ID-CWE-416
Use After Free
CVE-2018-16036
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2018-15961
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-23 Oct, 2025 | 11:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusionColdFusion
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-3745
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:47
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3754
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 85.69%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:48
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-15965
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.88% / 96.76%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-3765
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.57% / 85.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 20:35
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-after_effectswindowsAdobe After Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-16039
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2018-15957
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-51.54% / 97.91%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-3718
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.70% / 92.51%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 18:51
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento
CVE-2018-15981
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.05% / 96.07%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Google LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10enterprise_linux_desktopflash_playerFlash Player
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2020-3746
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:44
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3762
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 80.00%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:44
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CVE-2020-3751
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3749
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2014-9163
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.19% / 87.04%
||
7 Day CHG~0.00%
Published-10 Dec, 2014 | 21:00
Updated-21 Apr, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.Linux Kernel Organization, Inc
Product-flash_playerwindowslinux_kernelmac_os_xn/aFlash Player
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-3794
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-21.11% / 95.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:11
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-3752
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.12% / 86.91%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:47
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3750
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:48
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3763
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 80.00%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:43
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CVE-2020-3743
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:44
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3760
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.83% / 94.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:55
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-digital_editionswindowsAdobe Digital Editions
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-3742
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.53%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:07
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3716
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.34% / 95.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 18:50
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-8449
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-34.61% / 97.03%
||
7 Day CHG~0.00%
Published-10 Dec, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CVE-2022-28605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 81.15%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 20:11
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

Action-Not Available
Vendor-linkplayn/aApple Inc.Google LLC
Product-androidiphone_ossound_barn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2015-8051
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.46% / 90.23%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-premiere_clipn/a
CVE-2014-7169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.11% / 99.59%
||
7 Day CHG~0.00%
Published-25 Sep, 2014 | 01:00
Updated-22 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Action-Not Available
Vendor-mageian/aCanonical Ltd.Apple Inc.GNUIBM CorporationOracle CorporationF5, Inc.NovellopenSUSECheck Point Software Technologies Ltd.Citrix (Cloud Software Group, Inc.)QNAP Systems, Inc.SUSERed Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)Arista Networks, Inc.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-0505
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-17.54% / 95.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-16037
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2014-1300
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-8.53% / 92.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarimac_os_xn/a
CVE-2014-1303
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-44.82% / 97.60%
||
7 Day CHG~0.00%
Published-26 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0506
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-19.86% / 95.48%
||
7 Day CHG~0.00%
Published-27 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-windowsflash_playern/a
CVE-2014-0510
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-18.93% / 95.34%
||
7 Day CHG~0.00%
Published-27 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0511
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-24.70% / 96.17%
||
7 Day CHG~0.00%
Published-27 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0512
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.79% / 86.16%
||
7 Day CHG~0.00%
Published-27 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2014-4486
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-1.02% / 77.30%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xn/a
CVE-2018-12813
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.96% / 95.67%
||
7 Day CHG-0.83%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-digital_editionsAdobe Digital Editions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12829
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 81.00%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-creative_cloudAdobe Creative Cloud Desktop Application before 4.6.1
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-12848
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.49% / 95.11%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24086
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-93.74% / 99.85%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Oct, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-01||Apply updates per vendor instructions.
Adobe Commerce checkout improper input validation leads to remote code execution

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommerceMagento CommerceCommerce and Magento Open Source
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12814
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.96% / 95.67%
||
7 Day CHG-0.83%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-digital_editionsAdobe Digital Editions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12785
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.85% / 94.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12784
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-22.01% / 95.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 35
  • 36
  • Next
Details not found