Vulnerabilities > Adobe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-08 | CVE-2008-5362 | Improper Input Validation vulnerability in Adobe AIR and Flash Player The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | 4.3 |
| 2008-12-08 | CVE-2008-5361 | Resource Management Errors vulnerability in Adobe AIR and Flash Player The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | 4.3 |
| 2008-12-05 | CVE-2008-5331 | Cryptographic Issues vulnerability in Adobe Acrobat 9/9.0 Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. | 7.5 |
| 2008-11-25 | CVE-2008-5109 | Configuration vulnerability in Adobe Flash Media Server 3.0/3.5 The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | 5.0 |
| 2008-11-17 | CVE-2008-5108 | Code Injection vulnerability in Adobe AIR Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. | 6.8 |
| 2008-11-17 | CVE-2008-4824 | Improper Input Validation vulnerability in Adobe Flash Player Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | 9.3 |
| 2008-11-10 | CVE-2008-4831 | Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion 7.2/8.0/8.0.1 Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. | 7.2 |
| 2008-11-10 | CVE-2008-4823 | Cross-Site Scripting vulnerability in Adobe Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. | 4.3 |
| 2008-11-10 | CVE-2008-4822 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. | 6.8 |
| 2008-11-10 | CVE-2008-4821 | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. | 4.3 |