| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-23202 | 427 | | Exec Code | 2022-02-16 | 2022-02-24 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL in the same folder as the installer, which makes this a high-complexity attack vector. |
| 2 | CVE-2021-40732 | 476 | | DoS | 2021-10-13 | 2022-02-04 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file. |
| 3 | CVE-2021-36044 | 20 | | | 2021-09-01 | 2021-09-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. |
| 4 | CVE-2021-36030 | 20 | | | 2021-09-01 | 2021-09-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items. |
| 5 | CVE-2021-28626 | | | | 2021-08-24 | 2022-04-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction. |
| 6 | CVE-2021-21083 | | | | 2021-06-28 | 2022-10-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user. |
| 7 | CVE-2021-21073 | 125 | | | 2021-03-12 | 2021-03-16 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 8 | CVE-2021-21013 | 863 | | | 2021-01-13 | 2022-08-05 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account. |
| 9 | CVE-2020-24444 | 918 | | | 2020-12-10 | 2020-12-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. |
| 10 | CVE-2020-9733 | 269 | | | 2020-09-10 | 2021-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An AEM Java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. |
| 11 | CVE-2020-9708 | 22 | | Dir. Trav. | 2020-08-14 | 2020-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. |
| 12 | CVE-2020-9663 | 22 | | Dir. Trav. | 2020-07-22 | 2020-07-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. |
| 13 | CVE-2020-9645 | 918 | | | 2020-06-12 | 2020-06-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 14 | CVE-2020-9643 | 918 | | | 2020-06-12 | 2020-06-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 15 | CVE-2020-8818 | 346 | | Bypass | 2020-02-25 | 2020-03-05 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. |
| 16 | CVE-2020-3769 | 918 | | | 2020-03-25 | 2020-03-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 17 | CVE-2020-3761 | 200 | | +Info | 2020-03-25 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory. |
| 18 | CVE-2020-3759 | 119 | | Overflow | 2020-02-13 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. |
| 19 | CVE-2020-3741 | 400 | | | 2020-02-13 | 2020-02-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service. |
| 20 | CVE-2019-16469 | 917 | | | 2020-01-15 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 21 | CVE-2019-16468 | 200 | | +Info | 2020-01-15 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 22 | CVE-2019-8087 | 611 | | | 2019-10-25 | 2019-10-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 23 | CVE-2019-8086 | 611 | | | 2019-10-25 | 2019-10-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 24 | CVE-2019-8082 | 611 | | | 2019-10-25 | 2019-10-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 25 | CVE-2019-8081 | | | Bypass | 2019-10-25 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 26 | CVE-2019-8072 | 200 | | Bypass +Info | 2019-09-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ColdFusion 2018 update 4 and earlier and ColdFusion 2016 update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
| 27 | CVE-2019-7955 | 79 | | XSS | 2019-07-18 | 2019-07-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. |
| 28 | CVE-2018-19718 | 200 | | +Info | 2019-01-18 | 2019-01-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. |
| 29 | CVE-2018-15980 | 125 | | | 2018-11-29 | 2018-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 30 | CVE-2018-15964 | 200 | | +Info | 2018-09-25 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. |
| 31 | CVE-2018-15963 | | | Bypass | 2018-09-25 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. |
| 32 | CVE-2018-15962 | 200 | | +Info | 2018-09-25 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. |
| 33 | CVE-2018-12821 | 125 | | | 2018-10-17 | 2018-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 34 | CVE-2018-12820 | 125 | | | 2018-10-17 | 2018-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 35 | CVE-2018-12819 | 125 | | | 2018-10-17 | 2018-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 36 | CVE-2018-12818 | 125 | | | 2018-10-17 | 2018-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 37 | CVE-2018-12817 | 125 | | | 2019-01-18 | 2019-01-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 38 | CVE-2018-12816 | 125 | | | 2018-10-17 | 2018-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| 39 | CVE-2018-12809 | 918 | | | 2018-07-20 | 2018-09-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 40 | CVE-2018-12807 | 20 | | Bypass | 2018-08-29 | 2018-11-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. |
| 41 | CVE-2018-5006 | 918 | | | 2018-07-20 | 2018-09-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 42 | CVE-2018-5004 | 918 | | | 2018-07-20 | 2018-09-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 43 | CVE-2018-4994 | | | Bypass | 2018-05-19 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| 44 | CVE-2018-4942 | 611 | | | 2018-05-19 | 2020-05-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. |
| 45 | CVE-2017-16366 | | | Bypass | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. |
| 46 | CVE-2017-11301 | 119 | | Overflow Mem. Corr. | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| 47 | CVE-2017-11300 | 119 | | Overflow Mem. Corr. | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| 48 | CVE-2017-11299 | 119 | | Overflow Mem. Corr. | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| 49 | CVE-2017-11298 | 119 | | Overflow Mem. Corr. | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| 50 | CVE-2017-11297 | 119 | | Overflow Mem. Corr. | 2017-12-09 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |