CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9663
https://notcve.org/view.php?id=CVE-2020-9663
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. Adobe Reader Mobile versiones 20.0.1 y anteriores, presenta una vulnerabilidad salto de directorio. Una explotación con éxito podría conllevar a la divulgación de información • https://helpx.adobe.com/security/products/reader-mobile/apsb20-50.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 77%CPEs: 2EXPL: 6CVE-2014-0514 – Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution
https://notcve.org/view.php?id=CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. La aplicación Adobe Reader Mobile anterior a 11.2 para Android no restringe debidamente el uso de JavaScript, lo que permite a atacantes remotos ejecutar código arbitrario a través de un documento PDF manipulado, un problema relacionado con CVE-2012-6636. • https://www.exploit-db.com/exploits/32884 https://www.exploit-db.com/exploits/33791 http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html http://seclists.org/fulldisclosure/2014/Apr/192 http://www.exploit-db.com/exploits/32884 http://www.exploit-db.com/exploits/33791 http://www.osvdb.org/105781 http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 5CVE-2011-0611 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0611
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. Adobe Flash Player anterior a la versión 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versión 2.6.19140; y Authplay.dll (también se conoce como AuthPlayLib.bundle) en Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x hasta 10.0.1 en Windows, Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de aplicación) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tamaño en un "group of included constants", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011. Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. • https://www.exploit-db.com/exploits/17473 https://www.exploit-db.com/exploits/17175 http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://lists.opensuse.org/open • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •