Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Max CVSS
7.8
EPSS Score
0.06%
Published
2009-09-30
Updated
2024-02-08
Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.19%
Published
2013-11-13
Updated
2020-09-04
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.30%
Published
2014-02-21
Updated
2018-12-13
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.58%
Published
2014-09-17
Updated
2017-08-29
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.
Max CVSS
7.8
EPSS Score
0.52%
Published
2015-07-15
Updated
2021-09-08
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.
Max CVSS
7.8
EPSS Score
1.01%
Published
2015-11-11
Updated
2017-07-01
Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.
Max CVSS
7.8
EPSS Score
0.08%
Published
2016-01-14
Updated
2016-12-07

CVE-2016-0956

Public exploit
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
7.8
EPSS Score
2.87%
Published
2016-02-10
Updated
2018-10-09
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
Max CVSS
7.8
EPSS Score
3.34%
Published
2016-02-10
Updated
2016-02-25
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
Max CVSS
7.8
EPSS Score
0.39%
Published
2016-02-10
Updated
2016-02-18
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1090 and CVE-2016-4106.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-05-11
Updated
2016-12-01
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-4106.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-05-11
Updated
2016-12-01
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-05-11
Updated
2016-12-02
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-05-30
Updated
2017-11-29
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
Max CVSS
7.8
EPSS Score
0.08%
Published
2016-10-13
Updated
2016-11-28
Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.
Max CVSS
7.8
EPSS Score
0.18%
Published
2017-03-14
Updated
2017-07-17
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.
Max CVSS
7.8
EPSS Score
0.06%
Published
2017-04-12
Updated
2019-05-10
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
Max CVSS
7.8
EPSS Score
0.05%
Published
2017-04-12
Updated
2017-04-20
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Max CVSS
7.8
EPSS Score
0.05%
Published
2018-05-19
Updated
2018-06-25
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Max CVSS
7.8
EPSS Score
0.07%
Published
2018-05-19
Updated
2018-06-22
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
Max CVSS
7.8
EPSS Score
0.05%
Published
2018-05-19
Updated
2020-09-04
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-05-19
Updated
2018-06-25
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
Max CVSS
7.8
EPSS Score
0.22%
Published
2018-08-29
Updated
2018-11-08
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.81%
Published
2018-10-12
Updated
2020-08-24
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
Max CVSS
7.8
EPSS Score
0.10%
Published
2018-10-17
Updated
2018-12-17
959 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!