CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-42268 476 2021-11-18 2021-11-18
4.3
None Remote Medium Not required None None Partial
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2 CVE-2021-40716 125 Bypass 2021-09-29 2021-10-07
4.3
None Remote Medium Not required Partial None None
XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
3 CVE-2021-40714 79 XSS 2021-09-27 2021-10-01
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
4 CVE-2021-40713 295 2021-09-27 2021-10-01
4.3
None Remote Medium Not required Partial None None
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.
5 CVE-2021-40712 20 DoS 2021-09-27 2021-10-01
4.0
None Remote Low ??? None None Partial
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.
6 CVE-2021-40697 125 Bypass 2021-09-29 2021-10-04
4.3
None Remote Medium Not required Partial None None
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7 CVE-2021-39865 125 Bypass 2021-09-29 2021-10-04
4.3
None Remote Medium Not required Partial None None
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8 CVE-2021-39864 352 CSRF 2021-10-15 2021-10-21
4.3
None Remote Medium Not required None Partial None
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.
9 CVE-2021-39862 125 Bypass 2021-09-29 2021-10-04
4.3
None Remote Medium Not required Partial None None
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10 CVE-2021-36063 79 XSS 2021-09-01 2021-09-09
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
11 CVE-2021-36062 79 XSS 2021-09-01 2021-09-09
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
12 CVE-2021-36061 657 2021-09-01 2021-09-09
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.
13 CVE-2021-36058 190 DoS Overflow 2021-09-01 2021-10-27
4.3
None Remote Medium Not required None None Partial
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
14 CVE-2021-36054 122 DoS Overflow 2021-09-01 2021-10-27
4.3
None Remote Medium Not required None None Partial
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
15 CVE-2021-36053 125 Bypass 2021-09-01 2021-10-27
4.3
None Remote Medium Not required Partial None None
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
16 CVE-2021-36045 125 Bypass 2021-09-01 2021-10-27
4.3
None Remote Medium Not required Partial None None
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
17 CVE-2021-36039 863 2021-09-01 2021-09-08
4.0
None Remote Low ??? Partial None None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information.
18 CVE-2021-36038 20 2021-09-01 2021-09-08
4.0
None Remote Low ??? Partial None None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
19 CVE-2021-36037 863 2021-09-01 2021-09-08
4.0
None Remote Low ??? Partial None None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
20 CVE-2021-36027 79 XSS 2021-09-01 2021-09-08
4.3
None Remote Medium Not required None Partial None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
21 CVE-2021-36026 79 XSS 2021-09-01 2021-09-08
4.3
None Remote Medium Not required None Partial None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
22 CVE-2021-36012 840 2021-09-01 2021-09-08
4.0
None Remote Low ??? None Partial None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.
23 CVE-2021-36002 379 2021-09-01 2021-09-10
4.4
None Local Medium Not required Partial Partial Partial
Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.
24 CVE-2021-35988 125 2021-08-20 2021-09-01
4.3
None Remote Medium Not required Partial None None
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
25 CVE-2021-35987 125 2021-08-20 2021-09-01
4.3
None Remote Medium Not required Partial None None
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
26 CVE-2021-35986 843 2021-08-20 2021-11-06
4.3
None Remote Medium Not required Partial None None
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
27 CVE-2021-35985 476 2021-08-20 2021-09-01
4.3
None Remote Medium Not required None None Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
28 CVE-2021-35984 476 2021-08-20 2021-09-01
4.0
None Remote Low ??? None None Partial
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.
29 CVE-2021-28643 843 2021-08-20 2021-08-26
4.3
None Remote Medium Not required Partial None None
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
30 CVE-2021-28628 79 XSS 2021-08-24 2021-08-31
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
31 CVE-2021-28625 79 XSS 2021-08-24 2021-08-31
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
32 CVE-2021-28579 269 2021-06-28 2021-07-02
4.0
None Remote Low ??? Partial None None
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.
33 CVE-2021-21084 79 XSS 2021-06-28 2021-07-02
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
34 CVE-2021-21080 79 XSS 2021-03-12 2021-06-11
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
35 CVE-2021-21079 79 XSS 2021-03-12 2021-06-11
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
36 CVE-2021-21068 379 2021-03-12 2021-06-11
4.4
None Local Medium Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.
37 CVE-2021-21043 787 XSS 2021-02-02 2021-07-23
4.3
None Remote Medium Not required None Partial None
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.
38 CVE-2020-24443 79 XSS 2020-11-12 2020-11-17
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
39 CVE-2020-24442 79 XSS 2020-11-12 2020-11-17
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
40 CVE-2020-24441 284 2020-11-12 2020-11-23
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.
41 CVE-2020-24416 79 XSS 2020-10-20 2020-10-22
4.3
None Remote Medium Not required None Partial None
Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
42 CVE-2020-9743 79 XSS 2020-09-10 2021-09-14
4.3
None Remote Medium Not required None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
43 CVE-2020-9673 426 2020-07-17 2020-07-22
4.4
None Local Medium Not required Partial Partial Partial
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
44 CVE-2020-9672 426 2020-07-17 2020-07-22
4.4
None Local Medium Not required Partial Partial Partial
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
45 CVE-2020-9651 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
46 CVE-2020-9649 125 2020-07-17 2020-07-22
4.3
None Remote Medium Not required Partial None None
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
47 CVE-2020-9648 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
48 CVE-2020-9647 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
49 CVE-2020-3796 200 +Info 2020-06-26 2021-07-21
4.3
None Remote Medium Not required Partial None None
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
50 CVE-2020-3768 426 2020-06-26 2020-07-01
4.4
None Local Medium Not required Partial Partial Partial
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
Total number of vulnerabilities : 232   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.