Vulnerabilities (CVE)

Filtered by vendor Adobe Subscribe
Total 5743 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28579 1 Adobe 1 Connect 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.
CVE-2021-35981 1 Adobe 2 Acrobat Dc, Acrobat Reader Dc 2024-02-28 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36048 2 Adobe, Debian 2 Xmp Toolkit Software Development Kit, Debian Linux 2024-02-28 9.3 HIGH 7.8 HIGH
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVE-2021-28589 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-02-28 6.8 MEDIUM 7.8 HIGH
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-35988 1 Adobe 2 Acrobat Dc, Acrobat Reader Dc 2024-02-28 4.3 MEDIUM 3.3 LOW
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36049 1 Adobe 1 Bridge 2024-02-28 9.3 HIGH 7.8 HIGH
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-28638 1 Adobe 2 Acrobat Dc, Acrobat Reader Dc 2024-02-28 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28609 2 Adobe, Microsoft 2 After Effects, Windows 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36038 1 Adobe 2 Adobe Commerce, Magento Open Source 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
CVE-2021-36026 1 Adobe 2 Adobe Commerce, Magento Open Source 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-35990 2 Adobe, Microsoft 2 Bridge, Windows 2024-02-28 9.3 HIGH 7.8 HIGH
Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-21099 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-02-28 9.3 HIGH 8.8 HIGH
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36062 1 Adobe 1 Connect 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2021-21091 2 Adobe, Microsoft 2 Bridge, Windows 2024-02-28 4.3 MEDIUM 3.3 LOW
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36045 2 Adobe, Debian 2 Xmp Toolkit Software Development Kit, Debian Linux 2024-02-28 4.3 MEDIUM 3.3 LOW
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-10145 1 Adobe 1 Coldfusion 2024-02-28 7.2 HIGH 7.8 HIGH
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
CVE-2021-36075 2 Adobe, Microsoft 2 Bridge, Windows 2024-02-28 9.3 HIGH 7.8 HIGH
Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-39817 2 Adobe, Microsoft 2 Bridge, Windows 2024-02-28 9.3 HIGH 7.8 HIGH
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-36063 1 Adobe 1 Connect 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-36076 2 Adobe, Microsoft 2 Bridge, Windows 2024-02-28 9.3 HIGH 7.8 HIGH
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.