Filtered by vendor Adobe
Subscribe
Total
6611 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24447 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2020-12-11 | 3.7 LOW | 7.0 HIGH |
| Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2006-5858 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Services | 2020-11-23 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | |||||
| CVE-2020-24443 | 1 Adobe | 1 Connect | 2020-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2020-24442 | 1 Adobe | 1 Connect | 2020-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2020-24409 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24411 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24410 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24422 | 1 Adobe | 1 Creative Cloud | 2020-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24418 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-10-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24419 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-10-29 | 6.9 MEDIUM | 7.8 HIGH |
| Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24423 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2020-10-29 | 6.9 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24420 | 2 Adobe, Microsoft | 2 Photoshop, Windows | 2020-10-29 | 6.9 MEDIUM | 7.8 HIGH |
| Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9750 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-9749 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-9747 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-9739 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2020-09-25 | 5.8 MEDIUM | 7.1 HIGH |
| Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-9744 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2020-09-25 | 5.8 MEDIUM | 7.1 HIGH |
| Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-9745 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2020-09-25 | 5.8 MEDIUM | 7.1 HIGH |
| Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-9737 | 1 Adobe | 1 Experience Manager | 2020-09-17 | 3.5 LOW | 4.8 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2020-9742 | 1 Adobe | 1 Experience Manager | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||