# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-24086 |
20 |
|
Exec Code |
2022-02-16 |
2022-02-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. |
2 |
CVE-2021-42532 |
121 |
|
Exec Code Overflow |
2022-05-02 |
2022-05-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
3 |
CVE-2021-42531 |
787 |
|
Exec Code Overflow |
2022-05-02 |
2022-05-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
4 |
CVE-2021-42530 |
787 |
|
Exec Code Overflow |
2022-05-02 |
2022-05-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
5 |
CVE-2021-42529 |
787 |
|
Exec Code Overflow |
2022-05-02 |
2022-05-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
6 |
CVE-2021-42271 |
787 |
|
Exec Code |
2021-11-18 |
2021-11-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. |
7 |
CVE-2021-42270 |
787 |
|
Exec Code |
2021-11-18 |
2021-11-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. |
8 |
CVE-2021-42269 |
416 |
|
Exec Code |
2021-11-18 |
2021-11-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
9 |
CVE-2021-42267 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-11-18 |
2021-11-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
10 |
CVE-2021-42266 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-11-18 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
11 |
CVE-2021-40720 |
502 |
|
Exec Code |
2021-10-15 |
2021-10-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine. |
12 |
CVE-2021-39847 |
121 |
|
Exec Code Overflow |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
13 |
CVE-2021-36064 |
124 |
|
Exec Code |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
14 |
CVE-2021-36056 |
122 |
|
Exec Code Overflow |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
15 |
CVE-2021-36055 |
416 |
|
Exec Code |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
16 |
CVE-2021-36050 |
122 |
|
Exec Code Overflow |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
17 |
CVE-2021-36049 |
787 |
|
Exec Code Mem. Corr. |
2021-09-01 |
2022-10-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
18 |
CVE-2021-36048 |
20 |
|
Exec Code |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
19 |
CVE-2021-36047 |
20 |
|
Exec Code |
2021-09-01 |
2021-10-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
20 |
CVE-2021-36046 |
787 |
|
Exec Code Mem. Corr. |
2021-09-01 |
2022-10-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
21 |
CVE-2021-28639 |
416 |
|
Exec Code |
2021-08-20 |
2021-08-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
22 |
CVE-2021-28635 |
416 |
|
Exec Code |
2021-08-20 |
2021-08-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
23 |
CVE-2021-28594 |
427 |
|
Exec Code |
2021-08-24 |
2021-08-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
24 |
CVE-2021-28588 |
22 |
|
Exec Code Dir. Trav. |
2021-06-28 |
2021-07-02 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. |
25 |
CVE-2020-3794 |
20 |
|
Exec Code File Inclusion |
2020-03-25 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. |
26 |
CVE-2019-16451 |
787 |
|
Exec Code Overflow |
2019-12-19 |
2021-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . |
27 |
CVE-2019-8074 |
22 |
|
Dir. Trav. Bypass |
2019-09-27 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. |
28 |
CVE-2019-8073 |
77 |
|
Exec Code |
2019-09-27 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. |
29 |
CVE-2019-7964 |
|
|
Exec Code Bypass |
2019-08-16 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. |
30 |
CVE-2019-7840 |
502 |
|
Exec Code |
2019-06-12 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
31 |
CVE-2019-7839 |
77 |
|
Exec Code |
2019-06-12 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
32 |
CVE-2019-7838 |
434 |
|
Exec Code Bypass |
2019-06-12 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
33 |
CVE-2019-7816 |
434 |
|
Exec Code Bypass |
2019-05-24 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
34 |
CVE-2019-7104 |
787 |
|
Exec Code Mem. Corr. |
2019-05-23 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
35 |
CVE-2019-7091 |
502 |
|
Exec Code |
2019-05-24 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
36 |
CVE-2018-15965 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
37 |
CVE-2018-15961 |
434 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. |
38 |
CVE-2018-15959 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
39 |
CVE-2018-15958 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
40 |
CVE-2018-15957 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
41 |
CVE-2018-12823 |
787 |
|
Exec Code Overflow |
2018-10-17 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
42 |
CVE-2018-12822 |
416 |
|
Exec Code |
2018-10-17 |
2018-12-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
43 |
CVE-2018-12814 |
787 |
|
Exec Code Overflow |
2018-10-17 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
44 |
CVE-2018-12813 |
787 |
|
Exec Code Overflow |
2018-10-17 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
45 |
CVE-2018-4939 |
502 |
|
Exec Code |
2018-05-19 |
2020-05-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. |
46 |
CVE-2018-4895 |
787 |
|
Exec Code |
2018-02-27 |
2018-03-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. |
47 |
CVE-2018-4879 |
787 |
|
Exec Code |
2018-02-27 |
2018-03-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. |
48 |
CVE-2018-4872 |
|
|
Bypass |
2018-02-27 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. |
49 |
CVE-2017-16420 |
125 |
|
|
2017-12-09 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
50 |
CVE-2017-16418 |
125 |
|
|
2017-12-09 |
2017-12-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |