Vulnerabilities (CVE)

Filtered by vendor Adobe Subscribe
Total 6501 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0667 1 Adobe 1 Acrobat Reader 2025-04-09 4.3 MEDIUM N/A
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2008-3961 1 Adobe 1 Illustrator 2025-04-09 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.
CVE-2008-4831 1 Adobe 1 Coldfusion 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.
CVE-2009-2990 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2009-3798 1 Adobe 2 Adobe Air, Flash Player 2025-04-09 9.3 HIGH N/A
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
CVE-2007-4651 1 Adobe 1 Connect Enterprise Server 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
CVE-2007-6243 1 Adobe 1 Flash Player 2025-04-09 9.3 HIGH N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2008-0644 1 Adobe 1 Coldfusion 2025-04-09 5.0 MEDIUM N/A
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
CVE-2009-3465 1 Adobe 1 Shockwave Player 2025-04-09 9.3 HIGH N/A
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
CVE-2009-2997 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2007-6019 1 Adobe 4 Air, Flash, Flash Player and 1 more 2025-04-09 9.3 HIGH N/A
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
CVE-2009-0510 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2007-5275 1 Adobe 1 Shockwave Player 2025-04-09 5.0 MEDIUM N/A
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
CVE-2008-4473 2 Adobe, Microsoft 2 Flash Player, Windows 2025-04-09 9.3 HIGH N/A
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
CVE-2008-4401 1 Adobe 1 Flash Player 2025-04-09 10.0 HIGH N/A
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
CVE-2009-2981 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
CVE-2009-3953 5 Adobe, Apple, Microsoft and 2 more 6 Acrobat, Mac Os X, Windows and 3 more 2025-04-09 10.0 HIGH 8.8 HIGH
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
CVE-2007-0047 1 Adobe 1 Acrobat Reader 2025-04-09 6.8 MEDIUM N/A
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
CVE-2008-2640 1 Adobe 2 Flex, Flex Builder 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
CVE-2008-5363 1 Adobe 2 Air, Flash Player 2025-04-09 4.3 MEDIUM N/A
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.