CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities (CVSS score between 5 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-23203 120 Exec Code Overflow 2022-02-16 2022-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Photoshop.
2 CVE-2022-23202 427 Exec Code 2022-02-16 2022-02-24
5.1
None Remote High Not required Partial Partial Partial
Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL on the same folder as the installer which makes it as a high complexity attack vector.
3 CVE-2021-43762 20 Bypass 2022-01-13 2022-01-19
6.4
None Remote Low Not required Partial Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.
4 CVE-2021-42725 788 Exec Code Mem. Corr. 2021-11-16 2022-03-16
5.0
None Remote Low Not required Partial None None
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
5 CVE-2021-42720 125 Exec Code 2022-03-16 2022-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
6 CVE-2021-42719 125 Exec Code 2022-03-16 2022-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7 CVE-2021-42533 415 Exec Code 2022-03-16 2022-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
8 CVE-2021-42528 476 2022-05-02 2022-05-11
7.1
None Remote Medium Not required None None Complete
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
9 CVE-2021-40732 476 DoS 2021-10-13 2022-02-04
5.8
None Remote Medium Not required Partial None Partial
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
10 CVE-2021-40722 611 2022-01-13 2022-01-19
7.5
None Remote Low Not required Partial Partial Partial
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
11 CVE-2021-40719 502 Exec Code 2021-10-21 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.
12 CVE-2021-39825 787 Exec Code 2021-09-27 2021-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file.
13 CVE-2021-39819 119 Exec Code Overflow Mem. Corr. 2021-09-27 2022-04-25
6.8
None Remote Medium Not required Partial Partial Partial
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
14 CVE-2021-39818 119 Exec Code Overflow Mem. Corr. 2021-09-27 2022-04-25
6.8
None Remote Medium Not required Partial Partial Partial
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
15 CVE-2021-36052 788 Exec Code Mem. Corr. 2021-09-01 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
16 CVE-2021-36051 120 Exec Code Overflow 2021-10-04 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.
17 CVE-2021-36044 20 2021-09-01 2021-09-08
5.0
None Remote Low Not required None None Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.
18 CVE-2021-36043 918 Exec Code 2021-09-01 2021-09-08
6.0
None Remote Medium ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled.
19 CVE-2021-36042 20 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.
20 CVE-2021-36041 20 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.
21 CVE-2021-36040 20 Exec Code Bypass 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution.
22 CVE-2021-36035 20 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution.
23 CVE-2021-36034 20 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.
24 CVE-2021-36033 91 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
25 CVE-2021-36032 20 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
26 CVE-2021-36031 22 Exec Code Dir. Trav. 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.
27 CVE-2021-36030 20 2021-09-01 2021-09-08
5.0
None Remote Low Not required None Partial None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.
28 CVE-2021-36029 285 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.
29 CVE-2021-36028 91 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
30 CVE-2021-36025 20 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to achieve remote code execution.
31 CVE-2021-36024 77 Exec Code 2021-09-01 2022-04-25
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.
32 CVE-2021-36022 74 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
33 CVE-2021-36020 91 Exec Code 2021-09-01 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution.
34 CVE-2021-36013 125 Exec Code 2021-08-23 2021-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
35 CVE-2021-35993 787 Exec Code 2021-09-02 2021-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
36 CVE-2021-35983 416 Exec Code 2021-08-20 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
37 CVE-2021-35981 416 Exec Code 2021-08-20 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
38 CVE-2021-28642 787 Exec Code 2021-08-20 2021-08-26
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
39 CVE-2021-28641 416 Exec Code 2021-08-20 2021-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
40 CVE-2021-28640 416 Exec Code 2021-08-20 2021-08-26
6.0
None Remote Medium ??? Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
41 CVE-2021-28638 122 Exec Code Overflow 2021-08-20 2021-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
42 CVE-2021-28627 918 2021-08-24 2021-08-31
6.5
None Remote Low ??? Partial Partial Partial
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.
43 CVE-2021-28626 2021-08-24 2022-04-25
5.0
None Remote Low Not required None None Partial
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.
44 CVE-2021-21085 20 Exec Code 2021-03-12 2021-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.
45 CVE-2021-21083 284 2021-06-28 2021-07-02
5.0
None Remote Low Not required None None Partial
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.
46 CVE-2021-21082 788 Exec Code Mem. Corr. 2021-03-12 2021-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
47 CVE-2021-21073 125 2021-03-12 2021-03-16
5.8
None Remote Medium Not required Partial None Partial
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
48 CVE-2021-21013 863 2021-01-13 2021-12-10
5.5
None Remote Low ??? Partial Partial None
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
49 CVE-2020-24444 918 2020-12-10 2020-12-14
5.0
None Remote Low Not required Partial None None
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.
50 CVE-2020-24422 427 Exec Code 2020-10-21 2020-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Total number of vulnerabilities : 339   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.