Filtered by vendor Adobe
Subscribe
Total
6185 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | |||||
CVE-2002-1764 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 2.1 LOW | N/A |
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 4.6 MEDIUM | N/A |
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | |||||
CVE-2005-0151 | 1 Adobe | 3 Creative Suite, Photoshop, Premiere | 2025-04-03 | 7.5 HIGH | N/A |
Unknown vulnerability in the installation of Adobe License Management Service, as used in Adobe Photoshop CS, Adobe Creative Suite 1.0, and Adobe Premiere Pro 1.5, allows attackers to gain administrator privileges. | |||||
CVE-2004-0194 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. | |||||
CVE-2001-1069 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.2 HIGH | N/A |
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. | |||||
CVE-2006-3587 | 1 Adobe | 1 Flash Player | 2025-04-03 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. | |||||
CVE-2006-3453 | 1 Adobe | 1 Acrobat | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. | |||||
CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | |||||
CVE-2006-1182 | 1 Adobe | 2 Document Server, Graphics Server | 2025-04-03 | 2.6 LOW | N/A |
Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command. | |||||
CVE-2005-0918 | 2 Adobe, Microsoft | 2 Svg Viewer, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. | |||||
CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | |||||
CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2025-04-03 | 9.3 HIGH | N/A |
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | |||||
CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2025-04-03 | 2.1 LOW | N/A |
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | |||||
CVE-2006-0525 | 1 Adobe | 9 Acrobat, Acrobat Reader, Creative Suite and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. | |||||
CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2025-04-03 | 5.0 MEDIUM | N/A |
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. | |||||
CVE-2006-2042 | 1 Adobe | 1 Dreamweaver | 2025-04-03 | 7.5 HIGH | N/A |
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. | |||||
CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2025-04-03 | 4.6 MEDIUM | N/A |
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | |||||
CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
CVE-2006-1787 | 1 Adobe | 1 Document Server | 2025-04-03 | 2.6 LOW | N/A |
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. |