# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-42528 |
476 |
|
|
2022-05-02 |
2022-05-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2 |
CVE-2021-40722 |
611 |
|
|
2022-01-13 |
2022-01-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. |
3 |
CVE-2021-40719 |
502 |
|
Exec Code |
2021-10-21 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server. |
4 |
CVE-2021-36020 |
91 |
|
Exec Code |
2021-09-01 |
2021-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution. |
5 |
CVE-2020-10145 |
276 |
|
|
2021-05-27 |
2022-08-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. |
6 |
CVE-2019-8256 |
276 |
|
|
2019-12-19 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. |
7 |
CVE-2019-8088 |
77 |
|
Exec Code |
2019-10-25 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
8 |
CVE-2018-12829 |
295 |
|
|
2018-08-29 |
2018-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. |
9 |
CVE-2018-12805 |
427 |
|
|
2018-07-20 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. |
10 |
CVE-2018-12804 |
287 |
|
Bypass |
2018-07-20 |
2018-09-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. |
11 |
CVE-2018-4991 |
295 |
|
Bypass |
2018-05-19 |
2018-06-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. |
12 |
CVE-2017-11304 |
416 |
|
Exec Code |
2017-12-09 |
2017-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
13 |
CVE-2017-11303 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-12-09 |
2017-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
14 |
CVE-2017-11284 |
502 |
|
|
2017-12-01 |
2020-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. |
15 |
CVE-2017-11283 |
502 |
|
|
2017-12-01 |
2020-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. |
16 |
CVE-2017-3108 |
434 |
|
|
2017-08-11 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. |
17 |
CVE-2017-2989 |
20 |
|
Bypass |
2017-04-12 |
2017-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. |
18 |
CVE-2017-2968 |
94 |
|
|
2017-02-15 |
2017-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. |
19 |
CVE-2016-6935 |
428 |
|
+Priv |
2016-10-13 |
2016-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. |
20 |
CVE-2016-4167 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-06-16 |
2016-06-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
21 |
CVE-2016-4116 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
22 |
CVE-2016-4115 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
23 |
CVE-2016-4114 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
24 |
CVE-2016-4113 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
25 |
CVE-2016-4112 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
26 |
CVE-2016-4111 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
27 |
CVE-2016-4110 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
28 |
CVE-2016-4109 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
29 |
CVE-2016-4108 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
30 |
CVE-2016-1114 |
502 |
|
Exec Code |
2016-05-11 |
2020-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. |
31 |
CVE-2016-1110 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
32 |
CVE-2016-1109 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
33 |
CVE-2016-1108 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
34 |
CVE-2016-1107 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
35 |
CVE-2016-1106 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
36 |
CVE-2016-1105 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
37 |
CVE-2016-1104 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
38 |
CVE-2016-1103 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
39 |
CVE-2016-1102 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
40 |
CVE-2016-1101 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
41 |
CVE-2016-1100 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
42 |
CVE-2016-1099 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
43 |
CVE-2016-1098 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
44 |
CVE-2016-1097 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
45 |
CVE-2016-1096 |
|
|
|
2016-05-11 |
2018-10-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. |
46 |
CVE-2016-0957 |
|
|
Bypass |
2016-02-10 |
2016-02-25 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. |
47 |
CVE-2015-3126 |
|
|
DoS |
2015-07-09 |
2017-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-4429. |
48 |
CVE-2014-8442 |
264 |
|
|
2014-11-11 |
2018-12-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. |
49 |
CVE-2014-1883 |
264 |
|
Bypass |
2014-03-03 |
2014-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. |
50 |
CVE-2014-1882 |
264 |
|
Bypass |
2014-03-03 |
2014-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. |