VARIoT IoT vulnerabilities database
| VAR-201605-0551 | CVE-2016-1393 | Cisco Cloud Network Automation Provisioner In SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: 7.1 Severity: HIGH |
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue being tracked by Cisco Bug ID CSCuy72175
| VAR-201605-0347 | CVE-2016-4498 | Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: 5.5 Severity: MEDIUM |
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions
| VAR-201605-0384 | CVE-2016-1042 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. This vulnerability CVE-2016-1038 , CVE-2016-1039 , CVE-2016-1040 , CVE-2016-1041 , CVE-2016-1044 , CVE-2016-1062 ,and CVE-2016-1117 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANProxyAuthenticateResource method. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass certain security restrictions. Successful exploitation will allow an attacker to take control of the affected system. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
| VAR-201605-0382 | CVE-2016-1048 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the Page prePrint event. A specially crafted prePrint event can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
| VAR-201605-0381 | CVE-2016-1046 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the prePrint XFA event. A specially crafted prePrint event can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
| VAR-201605-0380 | CVE-2016-1043 | Windows and Mac OS X Run on Adobe Reader and Acrobat Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XFA FormCalc. A specially crafted replace call can trigger an integer overflow condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Reader and Acrobat are prone to an integer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions.
Note: This issue was previously titled 'Adobe Reader and Acrobat CVE-2016-1043 Unspecified Integer Overflow Vulnerability'. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201605-0379 | CVE-2016-1047 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the signatureSetSeedValue method. Specially crafted arguments passed to signatureSetSeedValue can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
| VAR-201605-0378 | CVE-2016-1044 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117. This vulnerability CVE-2016-1038 , CVE-2016-1039 , CVE-2016-1040 , CVE-2016-1041 , CVE-2016-1042 , CVE-2016-1062 ,and CVE-2016-1117 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CBSharedReviewIfOfflineDialog method. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass certain security restrictions. Successful exploitation will allow an attacker to take control of the affected system. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
| VAR-201605-0310 | CVE-2016-1124 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. Adobe Reader and Acrobat are prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions.
Note: This issue was previously titled 'Adobe Reader and Acrobat APSB16-14 Multiple Unspecified Memory Corruption Vulnerabilities'. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0309 | CVE-2016-1123 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0308 | CVE-2016-1122 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
| VAR-201605-0307 | CVE-2016-1121 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
| VAR-201605-0306 | CVE-2016-1120 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0304 | CVE-2016-1118 | Windows and Mac OS X Run on Adobe Reader and Acrobat In Vulnerability in arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0302 | CVE-2016-1116 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0303 | CVE-2016-1117 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1062. This vulnerability CVE-2016-1038 , CVE-2016-1039 , CVE-2016-1040 , CVE-2016-1041 , CVE-2016-1042 , CVE-2016-1044 ,and CVE-2016-1062 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API Execution restrictions may be avoided. Authentication is not required to exploit this vulnerability.The specific flaw exists within handling URL's passed to app.launchURL. A specially crafted cURL passed to app.launchURL can force a command to be executed. A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass certain security restrictions. Successful exploitation will allow an attacker to take control of the affected system. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
| VAR-201605-0298 | CVE-2016-1112 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability in which important information is obtained |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. are all products of Adobe (Adobe) in the United States. An information disclosure vulnerability exists in several Adobe products
| VAR-201605-0294 | CVE-2016-1130 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0293 | CVE-2016-1129 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products
| VAR-201605-0292 | CVE-2016-1128 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Adobe Reader and Acrobat are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A memory corruption vulnerability exists in several Adobe products