National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os:8.0
There are 100 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-7493

CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Published: March 05, 2018; 03:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-11305

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Published: December 13, 2017; 04:29:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-11292

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

Published: October 22, 2017; 03:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-3106

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Published: August 11, 2017; 03:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2017-3085

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Published: August 11, 2017; 03:29:02 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3100

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

Published: July 17, 2017; 09:18:26 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3099

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.

Published: July 17, 2017; 09:18:26 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3080

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

Published: July 17, 2017; 09:18:26 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3074

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3073

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3072

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3071

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3070

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3069

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3068

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

Published: May 09, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-7886

Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: December 15, 2016; 01:59:50 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-6992

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."

Published: October 13, 2016; 04:00:08 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-6990

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6989.

Published: October 13, 2016; 04:00:05 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-6989

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6990.

Published: October 13, 2016; 04:00:03 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-6987

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981.

Published: October 13, 2016; 03:59:59 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH