Skip to main content
CVE-2018-4937 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-4935 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-11239 HIGH POC This Week

An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Hexagon
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-4936 MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
29.1%
CVE-2018-4934 MEDIUM POC PATCH THREAT This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
23.4%
CVE-2018-4991 CRITICAL Act Now

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Creative Cloud
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2018-4944 CRITICAL Act Now

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
9.0%
CVE-2018-4939 CRITICAL KEV THREAT Act Now

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
63.3%
CVE-2018-4924 CRITICAL Act Now

Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Dreamweaver
NVD
CVSS 3.0
9.8
EPSS
14.5%
CVE-2018-4918 CRITICAL Act Now

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Acrobat +3
NVD
CVSS 3.1
9.8
EPSS
12.2%
CVE-2018-4917 CRITICAL Act Now

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Acrobat 2017 +3
NVD
CVSS 3.1
9.8
EPSS
17.8%
CVE-2018-4923 CRITICAL Act Now

Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Command Injection Connect
NVD
CVSS 3.0
9.1
EPSS
9.5%
CVE-2018-4943 HIGH This Week

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Push Notifications
NVD
CVSS 3.0
8.8
EPSS
6.9%
CVE-2018-4932 HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Adobe RCE Use After Free Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2018-4920 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2018-4919 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Use After Free Denial Of Service Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2018-4992 HIGH This Week

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-4938 HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Coldfusion
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-4928 HIGH This Week

Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
4.4%
CVE-2018-4927 HIGH This Week

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Indesign
NVD
CVSS 3.0
7.8
EPSS
3.7%
CVE-2018-4873 HIGH This Week

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-4994 HIGH This Week

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Information Disclosure Connect
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2018-4942 HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2018-4925 HIGH This Week

Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Digital Editions
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-4933 MEDIUM This Month

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
6.5
EPSS
4.8%
CVE-2018-4941 MEDIUM This Month

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-4940 MEDIUM This Month

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-4931 MEDIUM This Month

Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4930 MEDIUM This Month

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4929 MEDIUM This Month

Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4921 MEDIUM This Month

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Information Disclosure Connect
NVD
CVSS 3.0
6.1
EPSS
4.2%
CVE-2018-4926 MEDIUM This Month

Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Buffer Overflow Digital Editions
NVD
CVSS 3.0
5.5
EPSS
6.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy