Vulnerabilities > Adobe > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-16 | CVE-2016-4164 | Cross-site Scripting vulnerability in Adobe Brackets 1.6 Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-06-16 | CVE-2016-4159 | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-05-11 | CVE-2016-1115 | Improper Input Validation vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | 5.9 |
2016-05-11 | CVE-2016-1113 | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-04-22 | CVE-2016-1036 | Cross-site Scripting vulnerability in Adobe Analytics Appmeasurement for Flash Library 4.0 Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-02-10 | CVE-2016-0955 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0 Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | 6.1 |
2016-02-10 | CVE-2016-0950 | 7PK - Security Features vulnerability in Adobe Connect Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | 5.3 |
2010-05-13 | CVE-2010-1282 | Infinite Loop vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | 6.5 |
2010-02-15 | CVE-2009-3960 | Unspecified vulnerability in Adobe products Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. | 6.5 |