Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-14 | CVE-2015-3040 | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | 5.0 |
| 2015-04-14 | CVE-2015-0357 | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. | 5.0 |
| 2015-03-13 | CVE-2015-0340 | File Upload Restriction Security Bypass vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. | 5.0 |
| 2015-03-13 | CVE-2015-0337 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 5.0 |
| 2015-01-13 | CVE-2015-0302 | Information Disclosure vulnerability in Adobe Flash Player and AIR Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. | 5.0 |
| 2014-12-10 | CVE-2014-9166 | Unspecified vulnerability in Adobe Coldfusion 10.0/11.0 Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors. | 5.0 |
| 2014-12-10 | CVE-2014-8453 | Permissions, Privileges, and Access Controls vulnerability in multiple products Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | 5.0 |
| 2014-12-10 | CVE-2014-8452 | Information Exposure vulnerability in multiple products Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2014-12-10 | CVE-2014-8451 | Information Exposure vulnerability in multiple products An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | 5.0 |
| 2014-12-10 | CVE-2014-8448 | Information Exposure vulnerability in multiple products An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | 5.0 |