Skip to main content

Adobe

5604 CVEs vendor

Monthly

CVE-2021-21020 PHP MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2021-21019 PHP CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
9.1
EPSS
3.6%
CVE-2021-21018 PHP CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.1%
CVE-2021-21017 HIGH KEV THREAT This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
8.8
EPSS
86.2%
CVE-2021-21016 PHP CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.7%
CVE-2021-21015 PHP HIGH PATCH This Week

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.0
8.0
EPSS
2.9%
CVE-2021-21013 HIGH This Week

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass Magento
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2021-21012 MEDIUM This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass Magento Commerce Magento Open Source
NVD
CVSS 3.0
5.3
EPSS
4.0%
CVE-2021-21011 HIGH This Week

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Adobe Captivate
NVD
CVSS 3.1
7.0
EPSS
2.0%
CVE-2021-21009 HIGH This Week

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Adobe Campaign Classic
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2021-21008 HIGH This Week

Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Adobe Animate
NVD
CVSS 3.1
7.0
EPSS
2.4%
CVE-2021-21007 HIGH This Week

Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Adobe Illustrator
NVD
CVSS 3.1
7.0
EPSS
2.2%
CVE-2021-21006 HIGH This Week

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Photoshop
NVD
CVSS 3.1
8.6
EPSS
5.6%
CVE-2020-24447 HIGH PATCH This Week

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Microsoft Lightroom
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-24440 HIGH PATCH This Week

Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Prelude
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-24443 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-24442 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-24441 MEDIUM PATCH This Month

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Adobe Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-24407 PHP CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE Magento
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2020-24406 PHP LOW PATCH Monitor

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Information Disclosure Magento
NVD
CVSS 3.1
3.7
EPSS
2.1%
CVE-2020-24405 PHP MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-24404 PHP LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-24403 PHP LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-24402 PHP MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Magento
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2020-24401 PHP MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-24400 PHP HIGH PATCH This Week

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SQLi Information Disclosure Magento
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-24439 LOW PATCH Monitor

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Adobe Jwt Attack Authentication Bypass Apple Acrobat +3
NVD
CVSS 3.1
2.8
EPSS
0.6%
CVE-2020-24438 LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption Information Disclosure Acrobat +3
NVD
CVSS 3.1
3.3
EPSS
3.8%
CVE-2020-24437 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
45.1%
CVE-2020-24436 HIGH This Week

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
16.3%
CVE-2020-24435 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
51.3%
CVE-2020-24434 LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.1
3.3
EPSS
3.0%
CVE-2020-24433 HIGH This Week

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Privilege Escalation Authentication Bypass Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
15.2%
CVE-2020-24432 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
7.8
EPSS
10.6%
CVE-2020-24431 MEDIUM This Month

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Apple Acrobat Acrobat Dc +2
NVD
CVSS 3.1
4.4
EPSS
1.6%
CVE-2020-24430 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
17.9%
CVE-2020-24429 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack Apple Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-24428 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Adobe Privilege Escalation Apple Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.7
EPSS
2.2%
CVE-2020-24427 LOW Monitor

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
3.3
EPSS
2.4%
CVE-2020-24426 LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.1
3.3
EPSS
3.0%
CVE-2020-24421 MEDIUM This Month

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-24424 HIGH This Week

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-24423 HIGH This Week

Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Microsoft Media Encoder
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-24420 HIGH PATCH This Week

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Microsoft Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24419 HIGH PATCH This Week

Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Microsoft After Effects
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-24418 HIGH PATCH This Week

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure After Effects
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-9750 HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Animate
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-9749 HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Animate
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-9748 HIGH PATCH This Week

Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Adobe Animate
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2020-9747 HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Animate
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-24422 HIGH This Week

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Microsoft Creative Cloud
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-15244 PHP HIGH PATCH This Week

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Adobe Code Injection PHP Magento
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-24415 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24414 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24413 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24412 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24411 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2020-24410 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-24409 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-24408 PHP MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-9746 HIGH This Week

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Null Pointer Dereference Denial Of Service Flash Player
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-9745 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-9744 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-9739 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-9726 MEDIUM PATCH This Month

Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2020-9725 HIGH PATCH This Week

Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-5777 PHP CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass Magmi
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2020-15151 PHP HIGH PATCH This Week

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Adobe CSRF Openmage Long Term Support Magento
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-9724 HIGH This Week

Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Lightroom
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-9723 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9722 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat Dc +1
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2020-9721 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9720 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9719 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9718 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9717 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9716 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9715 HIGH POC KEV THREAT Act Now

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE Memory Corruption Use After Free Adobe
NVD VulDB
CVSS 3.1
7.8
EPSS
50.4%
Threat
6.1
CVE-2020-9714 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9712 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
3.4%
CVE-2020-9710 LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
3.3
EPSS
2.8%
CVE-2020-9707 LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
3.3
EPSS
2.8%
CVE-2020-9706 LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
3.3
EPSS
2.8%
CVE-2020-9705 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9704 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2020-9703 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2020-9702 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2020-9697 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
3.1%
CVE-2020-9696 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2020-9694 HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Acrobat Dc +1
NVD
CVSS 3.1
7.8
EPSS
4.5%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
EPSS 4% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
EPSS 4% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe +1
NVD
EPSS 86% CVSS 8.8
HIGH KEV THREAT This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 5% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe +1
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Command Injection Adobe +1
NVD
EPSS 3% CVSS 8.1
HIGH This Week

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass +1
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass +2
NVD
EPSS 2% CVSS 7.0
HIGH This Week

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Adobe Captivate
NVD
EPSS 3% CVSS 8.6
HIGH This Week

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Adobe Campaign Classic
NVD
EPSS 2% CVSS 7.0
HIGH This Week

Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Adobe Animate
NVD
EPSS 2% CVSS 7.0
HIGH This Week

Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Adobe Illustrator
NVD
EPSS 6% CVSS 8.6
HIGH This Week

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Microsoft +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Prelude
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Adobe +1
NVD
EPSS 6% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE +1
NVD
EPSS 2% CVSS 3.7
LOW PATCH Monitor

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Information Disclosure Magento
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
EPSS 2% CVSS 2.7
LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
EPSS 2% CVSS 2.7
LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Magento
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SQLi Information Disclosure +1
NVD
EPSS 1% CVSS 2.8
LOW PATCH Monitor

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Adobe Jwt Attack Authentication Bypass +5
NVD
EPSS 4% CVSS 3.3
LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption +5
NVD
EPSS 45% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption +5
NVD
EPSS 16% CVSS 7.8
HIGH This Week

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Adobe +4
NVD
EPSS 51% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 3% CVSS 3.3
LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +4
NVD
EPSS 15% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Privilege Escalation +5
NVD
EPSS 11% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat +3
NVD
EPSS 2% CVSS 4.4
MEDIUM This Month

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Apple +4
NVD
EPSS 18% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption +5
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack +5
NVD
EPSS 2% CVSS 7.7
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Adobe Privilege Escalation Apple +4
NVD
EPSS 2% CVSS 3.3
LOW Monitor

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat +3
NVD
EPSS 3% CVSS 3.3
LOW Monitor

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +4
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Null Pointer Dereference Denial Of Service +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Premiere Pro
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Microsoft +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Microsoft +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Microsoft +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure +1
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE +2
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Animate
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Microsoft +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Adobe Code Injection PHP +1
NVD GitHub
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow +1
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE +2
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE +2
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Null Pointer Dereference +2
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +1
NVD
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure +1
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 24% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass +1
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Adobe CSRF Openmage Long Term Support +1
NVD GitHub
EPSS 3% CVSS 7.8
HIGH This Week

Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Lightroom
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 50% 6.1 CVSS 7.8
HIGH POC KEV THREAT Act Now

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE Memory Corruption Use After Free +1
NVD VulDB
EPSS 3% CVSS 7.8
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Acrobat Dc +1
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Acrobat Dc +1
NVD
EPSS 3% CVSS 3.3
LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 3.3
LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 3.3
LOW Monitor

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe +2
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Acrobat Dc +1
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Acrobat Dc +1
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Dc +1
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Acrobat Dc +1
NVD
EPSS 5% CVSS 7.8
HIGH This Week

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +3
NVD
Prev Page 28 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy