
Adobe : Security Vulnerabilities (CVSS score between 5 and 5.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-42725 863 Bypass 2021-11-16 2021-11-17
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.
2 CVE-2021-40732 476 DoS 2021-10-13 2021-10-27
5.8
None Remote Medium Not required Partial None Partial
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
3 CVE-2021-36044 20 2021-09-01 2021-09-08
5.0
None Remote Low Not required None None Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.
4 CVE-2021-36030 20 2021-09-01 2021-09-08
5.0
None Remote Low Not required None Partial None
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.
5 CVE-2021-28626 287 2021-08-24 2021-08-31
5.0
None Remote Low Not required None None Partial
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.
6 CVE-2021-21083 284 2021-06-28 2021-07-02
5.0
None Remote Low Not required None None Partial
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.
7 CVE-2021-21073 125 2021-03-12 2021-03-16
5.8
None Remote Medium Not required Partial None Partial
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8 CVE-2021-21013 863 2021-01-13 2021-06-28
5.5
None Remote Low ??? Partial Partial None
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
9 CVE-2020-24444 918 2020-12-10 2020-12-14
5.0
None Remote Low Not required Partial None None
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.
10 CVE-2020-9733 269 2020-09-10 2021-09-14
5.0
None Remote Low Not required Partial None None
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
11 CVE-2020-9708 22 Dir. Trav. 2020-08-14 2020-08-21
5.0
None Remote Low Not required Partial None None
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
12 CVE-2020-9663 22 Dir. Trav. 2020-07-22 2020-07-23
5.0
None Remote Low Not required Partial None None
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure.
13 CVE-2020-9645 918 2020-06-12 2020-06-15
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure.
14 CVE-2020-9643 918 2020-06-12 2020-06-15
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure.
15 CVE-2020-8818 346 Bypass 2020-02-25 2020-03-05
5.5
None Remote Low ??? Partial Partial None
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
16 CVE-2020-3769 918 2020-03-25 2020-03-27
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure.
17 CVE-2020-3761 200 +Info 2020-03-25 2021-07-21
5.0
None Remote Low Not required Partial None None
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
18 CVE-2020-3759 119 Overflow 2020-02-13 2021-07-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure.
19 CVE-2020-3741 400 2020-02-13 2020-02-25
5.0
None Remote Low Not required None None Partial
Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.
20 CVE-2019-16469 917 2020-01-15 2020-08-24
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
21 CVE-2019-16468 200 +Info 2020-01-15 2021-07-21
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
22 CVE-2019-8087 611 2019-10-25 2019-10-28
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
23 CVE-2019-8086 611 2019-10-25 2019-10-28
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
24 CVE-2019-8082 611 2019-10-25 2019-10-28
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
25 CVE-2019-8081 Bypass 2019-10-25 2020-08-24
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
26 CVE-2019-8072 200 Bypass +Info 2019-09-27 2021-07-21
5.0
None Remote Low Not required Partial None None
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
27 CVE-2019-7955 79 XSS 2019-07-18 2019-07-19
5.8
None Remote Medium Not required Partial Partial None
Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
28 CVE-2018-19718 200 +Info 2019-01-18 2019-01-22
5.0
None Remote Low Not required Partial None None
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.
29 CVE-2018-15980 125 2018-11-29 2018-12-04
5.0
None Remote Low Not required Partial None None
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
30 CVE-2018-15964 200 +Info 2018-09-25 2020-09-04
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
31 CVE-2018-15963 Bypass 2018-09-25 2020-09-04
5.0
None Remote Low Not required None Partial None
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
32 CVE-2018-15962 200 +Info 2018-09-25 2020-09-04
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
33 CVE-2018-12821 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
34 CVE-2018-12820 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
35 CVE-2018-12819 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
36 CVE-2018-12818 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
37 CVE-2018-12817 125 2019-01-18 2019-01-23
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
38 CVE-2018-12816 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
39 CVE-2018-12809 918 2018-07-20 2018-09-17
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
40 CVE-2018-12807 20 Bypass 2018-08-29 2018-11-08
5.0
None Remote Low Not required None Partial None
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.
41 CVE-2018-5006 918 2018-07-20 2018-09-17
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
42 CVE-2018-5004 918 2018-07-20 2018-09-17
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
43 CVE-2018-4994 Bypass 2018-05-19 2020-08-24
5.0
None Remote Low Not required Partial None None
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
44 CVE-2018-4942 611 2018-05-19 2020-05-15
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
45 CVE-2017-16366 Bypass 2017-12-09 2019-10-03
5.0
None Remote Low Not required None Partial None
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.
46 CVE-2017-11301 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
47 CVE-2017-11300 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
48 CVE-2017-11299 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
49 CVE-2017-11298 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
50 CVE-2017-11297 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Total number of vulnerabilities: 143 (page 1 of 3)