| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-23203 |
120 |
|
Exec Code Overflow |
2022-02-16 |
2022-02-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Photoshop. |
|
2 |
CVE-2021-43762 |
20 |
|
Bypass |
2022-01-13 |
2022-01-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability. |
|
3 |
CVE-2021-42725 |
788 |
|
Exec Code Mem. Corr. |
2021-11-16 |
2022-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
|
4 |
CVE-2021-42720 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
5 |
CVE-2021-42719 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
6 |
CVE-2021-42533 |
415 |
|
Exec Code |
2022-03-16 |
2022-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. |
|
7 |
CVE-2021-39825 |
787 |
|
Exec Code |
2021-09-27 |
2021-10-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file. |
|
8 |
CVE-2021-39819 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-09-27 |
2022-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
|
9 |
CVE-2021-39818 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-09-27 |
2022-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
|
10 |
CVE-2021-36052 |
787 |
|
Exec Code Mem. Corr. |
2021-09-01 |
2022-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
|
11 |
CVE-2021-36051 |
120 |
|
Exec Code Overflow |
2021-10-04 |
2021-10-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. |
|
12 |
CVE-2021-36043 |
918 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled. |
|
13 |
CVE-2021-36042 |
20 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. |
|
14 |
CVE-2021-36041 |
20 |
|
Exec Code |
2021-09-01 |
2022-10-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution. |
|
15 |
CVE-2021-36040 |
20 |
|
Exec Code Bypass |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution. |
|
16 |
CVE-2021-36035 |
20 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution. |
|
17 |
CVE-2021-36034 |
20 |
|
Exec Code |
2021-09-01 |
2022-10-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. |
|
18 |
CVE-2021-36033 |
91 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. |
|
19 |
CVE-2021-36032 |
639 |
|
|
2021-09-01 |
2022-10-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. |
|
20 |
CVE-2021-36031 |
22 |
|
Exec Code Dir. Trav. |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. |
|
21 |
CVE-2021-36029 |
|
|
Exec Code |
2021-09-01 |
2022-10-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. |
|
22 |
CVE-2021-36028 |
91 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. |
|
23 |
CVE-2021-36025 |
20 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to achieve remote code execution. |
|
24 |
CVE-2021-36024 |
77 |
|
Exec Code |
2021-09-01 |
2022-04-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. |
|
25 |
CVE-2021-36022 |
91 |
|
Exec Code |
2021-09-01 |
2022-10-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. |
|
26 |
CVE-2021-36013 |
125 |
|
Exec Code |
2021-08-23 |
2021-08-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
27 |
CVE-2021-35993 |
787 |
|
Exec Code |
2021-09-02 |
2021-09-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
28 |
CVE-2021-35983 |
416 |
|
Exec Code |
2021-08-20 |
2021-09-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
29 |
CVE-2021-35981 |
416 |
|
Exec Code |
2021-08-20 |
2021-09-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
30 |
CVE-2021-28642 |
787 |
|
Exec Code |
2021-08-20 |
2021-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
31 |
CVE-2021-28641 |
416 |
|
Exec Code |
2021-08-20 |
2021-08-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
32 |
CVE-2021-28640 |
416 |
|
Exec Code |
2021-08-20 |
2021-08-26 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
33 |
CVE-2021-28638 |
122 |
|
Exec Code Overflow |
2021-08-20 |
2021-08-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
34 |
CVE-2021-28627 |
918 |
|
|
2021-08-24 |
2021-08-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. |
|
35 |
CVE-2021-21085 |
20 |
|
Exec Code |
2021-03-12 |
2021-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine. |
|
36 |
CVE-2021-21082 |
787 |
|
Exec Code Mem. Corr. |
2021-03-12 |
2022-10-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
37 |
CVE-2020-24422 |
427 |
|
Exec Code |
2020-10-21 |
2020-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
38 |
CVE-2020-9732 |
79 |
|
XSS |
2020-09-10 |
2020-09-11 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
|
39 |
CVE-2020-9650 |
787 |
|
Exec Code |
2020-07-17 |
2020-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
40 |
CVE-2020-9646 |
787 |
|
Exec Code |
2020-07-17 |
2020-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
41 |
CVE-2020-9636 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-06-12 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
42 |
CVE-2020-9635 |
787 |
|
Exec Code |
2020-06-12 |
2020-06-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
43 |
CVE-2020-9634 |
787 |
|
Exec Code |
2020-06-12 |
2020-06-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
44 |
CVE-2020-3738 |
787 |
|
Exec Code |
2020-02-13 |
2020-02-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
45 |
CVE-2020-3737 |
787 |
|
Exec Code |
2020-02-13 |
2020-02-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
46 |
CVE-2019-8076 |
426 |
|
Exec Code |
2019-09-12 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. |
|
47 |
CVE-2019-8062 |
426 |
|
Exec Code |
2019-08-14 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
48 |
CVE-2019-7961 |
426 |
|
Exec Code |
2019-08-14 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
49 |
CVE-2019-7931 |
426 |
|
Exec Code |
2019-08-14 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
50 |
CVE-2019-7870 |
426 |
|
Exec Code |
2019-08-14 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
