Vulnerabilities > Unix > Critical

DATE CVE VULNERABILITY TITLE RISK
2011-12-16 CVE-2011-4369 Unspecified vulnerability in Adobe Acrobat and Acrobat Reader
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
network
low complexity
adobe apple microsoft unix
critical
10.0
2010-01-13 CVE-2009-3959 Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
network
low complexity
adobe apple microsoft unix CWE-189
critical
10.0
2010-01-13 CVE-2009-3958 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
network
low complexity
adobe apple microsoft unix CWE-119
critical
10.0
2010-01-13 CVE-2009-3956 Configuration vulnerability in Adobe Acrobat and Acrobat Reader
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
network
low complexity
adobe apple microsoft unix CWE-16
critical
10.0
2010-01-13 CVE-2009-3954 Code Injection vulnerability in Adobe Acrobat and Acrobat Reader
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html Affected software versions Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).
network
low complexity
adobe apple microsoft unix CWE-94
critical
10.0
2009-04-09 CVE-2009-1251 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
network
low complexity
unix openafs CWE-119
critical
10.0
2007-11-20 CVE-2007-6053 Resource Management Errors vulnerability in IBM DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
network
linux microsoft unix ibm CWE-399
critical
9.3
2007-11-20 CVE-2007-6051 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact.
network
low complexity
linux microsoft unix ibm CWE-264
critical
10.0
2007-11-20 CVE-2007-6048 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors.
network
low complexity
linux microsoft unix ibm CWE-264
critical
10.0
2007-11-20 CVE-2007-6047 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
network
low complexity
linux microsoft unix ibm CWE-264
critical
10.0