Skip to main content
CVE-2018-4937 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-4935 HIGH POC PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
26.5%
CVE-2018-11239 HIGH POC This Week

An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Hexagon
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-4943 HIGH This Week

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Push Notifications
NVD
CVSS 3.0
8.8
EPSS
6.9%
CVE-2018-4932 HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Adobe RCE Use After Free Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2018-4920 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2018-4919 HIGH PATCH This Week

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Use After Free Denial Of Service Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2018-4992 HIGH This Week

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-4938 HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Coldfusion
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-4928 HIGH This Week

Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
4.4%
CVE-2018-4927 HIGH This Week

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Indesign
NVD
CVSS 3.0
7.8
EPSS
3.7%
CVE-2018-4873 HIGH This Week

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-4994 HIGH This Week

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Information Disclosure Connect
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2018-4942 HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2018-4925 HIGH This Week

Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Digital Editions
NVD
CVSS 3.0
7.5
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy