CVE-2014-8068
https://notcve.org/view.php?id=CVE-2014-8068
Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information. Adobe Digital Editions (DE) 4 no utiliza la codificación para la transmisión de datos a adelogs.adobe.com, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red, tal y como fue demostrado por la información de la navegación por libros. • http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text http://secunia.com/advisories/61551 http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries http://twitter.com/AdobeSecurity/statuses/519826275008282624 https://exchange.xforce.ibmcloud.com/vulnerabilities/97696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0494
https://notcve.org/view.php?id=CVE-2014-0494
Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Adobe Digital Editions 2.0.1 permite a atacantes ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores no especificados. • http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html http://osvdb.org/102364 http://secunia.com/advisories/56578 http://www.securityfocus.com/bid/65091 http://www.securitytracker.com/id/1029680 https://exchange.xforce.ibmcloud.com/vulnerabilities/90648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1377
https://notcve.org/view.php?id=CVE-2013-1377
Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Digital Editions 2.x anterior a 2.0.1 permite a atacantes la ejecución arbitraria de código o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb13-20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-1017
https://notcve.org/view.php?id=CVE-2002-1017
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. • http://online.securityfocus.com/archive/1/285093 http://www.iss.net/security_center/static/9740.php http://www.securityfocus.com/bid/5358 •
CVE-2002-1016 – Adobe eBook Reader 2.2 - File Restoration Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-1016
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. • https://www.exploit-db.com/exploits/21629 http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000177.html http://www.iss.net/security_center/static/9634.php http://www.kb.cert.org/vuls/id/438867 http://www.securityfocus.com/bid/5273 •