VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,383 total · sorted by risk
  • CVE-2017-2941HigJan 11, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2940HigJan 11, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2939HigJan 11, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-6935HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

  • CVE-2016-4118HigMay 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2016-4106HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan…

  • CVE-2016-1090HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan…

  • CVE-2016-1087HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan…

  • CVE-2016-0947HigJan 14, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users…

  • CVE-2026-34619HigApr 14, 2026
    risk 0.50cvss 7.7epss 0.09

    ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized…

  • CVE-2023-26347HigNov 17, 2023
    risk 0.50cvss 7.5epss 0.10

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and…

  • CVE-2022-38424HigOct 14, 2022
    risk 0.50cvss 7.2epss 0.45

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not…

  • CVE-2022-34255HigAug 16, 2022
    risk 0.50cvss 8.8epss 0.02

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to…

  • CVE-2022-34254HigAug 16, 2022
    risk 0.50cvss 8.8epss 0.02

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the…

  • CVE-2020-24429HigNov 5, 2020
    risk 0.50cvss 7.7epss 0.03

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction…

  • CVE-2020-24428HigNov 5, 2020
    risk 0.50cvss 7.7epss 0.02

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of…

  • CVE-2019-16469HigJan 15, 2020
    risk 0.50cvss 7.5epss 0.17

    Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8159HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.03

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection.

  • CVE-2019-8154HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update.

  • CVE-2019-8150HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.

  • CVE-2019-8137HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.

  • CVE-2019-8134HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.

  • CVE-2019-8130HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.

  • CVE-2019-8127HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password,…

  • CVE-2019-8122HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote…

  • CVE-2019-8111HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute…

  • CVE-2019-8110HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.

  • CVE-2019-8093HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.01

    An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.

  • CVE-2019-7885HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.02

    Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the…

  • CVE-2019-7876HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

  • CVE-2019-7871HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.01

    A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data…

  • CVE-2019-7865HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

  • CVE-2018-15979HigNov 29, 2018
    risk 0.50cvss 7.5epss 0.10

    Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4986HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4981HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4976HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4975HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4973HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4970HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4969HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4967HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4965HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.11

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4964HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4963HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4962HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4960HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4957HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4955HigJul 9, 2018
    risk 0.50cvss 7.5epss 0.12

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4994HigMay 19, 2018
    risk 0.50cvss 7.5epss 0.10

    Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2017-11275HigAug 11, 2017
    risk 0.50cvss 7.5epss 0.10

    Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Page 50 of 148