Filtered by vendor Adobe
Subscribe
Total
5631 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43758 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-45111 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | N/A | 5.5 MEDIUM |
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-43759 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | N/A | 5.5 MEDIUM |
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-43756 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-43760 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-45108 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-45109 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41874 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 9.8 CRITICAL |
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-45113 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 7.5 HIGH |
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-39380 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-39381 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-39382 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-13 | N/A | 5.5 MEDIUM |
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41859 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41856 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-34128 | 1 Adobe | 1 Experience Manager | 2024-09-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-34142 | 1 Adobe | 1 Experience Manager | 2024-09-09 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-34141 | 1 Adobe | 1 Experience Manager | 2024-09-09 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-45107 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-06 | N/A | 5.5 MEDIUM |
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41879 | 2 Adobe, Microsoft | 2 Acrobat Reader, Edge | 2024-09-05 | N/A | 7.8 HIGH |
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41878 | 1 Adobe | 1 Experience Manager | 2024-08-27 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. |