ReportizFlow
Filtered by vendor Adobe
Subscriptions
Total
7293 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3640 | 1 Adobe | 1 Adobe Air | 2026-04-23 | N/A |
| Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE. | ||||
| CVE-2007-3456 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. | ||||
| CVE-2007-3457 | 1 Adobe | 1 Flash Player | 2026-04-23 | N/A |
| Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | ||||
| CVE-2007-2365 | 1 Adobe | 4 Golive, Illustrator, Photoshop and 1 more | 2026-04-23 | N/A |
| Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | ||||
| CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2026-04-23 | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
| CVE-2007-1280 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, All Windows | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | ||||
| CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2026-04-23 | N/A |
| AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | ||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | ||||
| CVE-2007-0045 | 2 Adobe, Redhat | 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | ||||
| CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2026-04-23 | N/A |
| CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | ||||
| CVE-2007-0048 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2026-04-23 | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." | ||||
| CVE-2007-0071 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. | ||||
| CVE-2007-0103 | 1 Adobe | 1 Acrobat Reader | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | ||||
| CVE-2006-6236 | 1 Adobe | 1 Acrobat Reader | 2026-04-23 | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | ||||
| CVE-2006-5859 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | ||||
| CVE-2006-5860 | 1 Adobe | 2 Coldfusion, Jrun | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2007-6242 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | ||||
| CVE-2007-6243 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | ||||
| CVE-2007-6246 | 3 Adobe, Linux, Redhat | 3 Flash Player, Linux Kernel, Rhel Extras | 2026-04-23 | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | ||||