Adobe Inc.

All CVEs

7,271 total · sorted by risk
  • CVE-2018-15937 · High · Oct 12, 2018
    risk 0.53 · cvss 7.8 · epss 0.28

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15931 · High · Oct 12, 2018
    risk 0.53 · cvss 7.8 · epss 0.28

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15930 · High · Oct 12, 2018
    risk 0.53 · cvss 7.8 · epss 0.28

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-5006 · High · Jul 20, 2018
    risk 0.53 · cvss 7.5 · epss 0.54

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2017-2946 · High · Jan 11, 2017
    risk 0.53 · cvss 7.8 · epss 0.24

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-1030 · High · Apr 9, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2016-1006 · High · Apr 9, 2016
    risk 0.53 · cvss 8.1 · epss 0.04

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data.

  • CVE-2016-0957 · High · Feb 10, 2016
    risk 0.53 · cvss 7.5 · epss 0.51

    Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

  • CVE-2005-1306 · High · Jun 15, 2005
    risk 0.53 · cvss 7.5 · epss 0.15

    The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

  • CVE-2026-34693 · High · Jun 9, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…

  • CVE-2023-38250 · High · Oct 13, 2023
    risk 0.52 · cvss 8.0 · epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code…

  • CVE-2023-38249 · High · Oct 13, 2023
    risk 0.52 · cvss 8.0 · epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code…

  • CVE-2023-38221 · High · Oct 13, 2023
    risk 0.52 · cvss 8.0 · epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code…

  • CVE-2022-42341 · High · Oct 14, 2022
    risk 0.52 · cvss 7.5 · epss 0.36

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user…

  • CVE-2022-38422 · High · Oct 14, 2022
    risk 0.52 · cvss 7.5 · epss 0.44

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require…

  • CVE-2022-38420 · High · Oct 14, 2022
    risk 0.52 · cvss 7.5 · epss 0.44

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not…

  • CVE-2022-34221 · High · Jul 15, 2022
    risk 0.52 · cvss 7.8 · epss 0.11

    Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the…

  • CVE-2022-28243 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.11

    Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An…

  • CVE-2022-28240 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…

  • CVE-2022-28238 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user.…

  • CVE-2022-28236 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.11

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2022-28233 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user.…

  • CVE-2022-28232 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object that could result in arbitrary code execution in the context of the current…

  • CVE-2022-28230 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current…

  • CVE-2022-27799 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.16

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current…

  • CVE-2022-27796 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current…

  • CVE-2022-27794 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.14

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by the use of a variable that has not been initialized when processing embedded fonts, potentially resulting in arbitrary code execution in the context…

  • CVE-2022-27791 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.17

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a stack-based buffer overflow vulnerability due to insecure processing of a font, potentially resulting in arbitrary code execution in the context of…

  • CVE-2022-27790 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user.…

  • CVE-2022-27787 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.10

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2022-27786 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user.…

  • CVE-2022-27785 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user.…

  • CVE-2022-24104 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.11

    Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…

  • CVE-2022-24102 · High · May 11, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…

  • CVE-2021-45068 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2021-45064 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current…

  • CVE-2021-45062 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.17

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current…

  • CVE-2021-44710 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.12

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current…

  • CVE-2021-44704 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.11

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current…

  • CVE-2021-44701 · High · Jan 14, 2022
    risk 0.52 · cvss 7.8 · epss 0.21

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current…

  • CVE-2021-43764 · High · Jan 13, 2022
    risk 0.52 · cvss 8.0 · epss 0.02

    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…

  • CVE-2021-43761 · High · Jan 13, 2022
    risk 0.52 · cvss 8.0 · epss 0.01

    AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.…

  • CVE-2021-39863 · High · Sep 29, 2021
    risk 0.52 · cvss 7.8 · epss 0.13

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to…

  • CVE-2021-39842 · High · Sep 29, 2021
    risk 0.52 · cvss 7.8 · epss 0.17

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2021-39841 · High · Sep 29, 2021
    risk 0.52 · cvss 7.8 · epss 0.11

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user.…

  • CVE-2021-36043 · High · Sep 1, 2021
    risk 0.52 · cvss 8.0 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be…

  • CVE-2021-28640 · High · Aug 20, 2021
    risk 0.52 · cvss 7.3 · epss 0.52

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context…

  • CVE-2021-21056 · High · Mar 12, 2021
    risk 0.52 · cvss 7.8 · epss 0.21

    Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-21014 · Critical · Feb 11, 2021
    risk 0.52 · cvss 9.1 · epss 0.04

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for…

  • CVE-2020-24436 · High · Nov 5, 2020
    risk 0.52 · cvss 7.8 · epss 0.16

    Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this…
