VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,428 total · sorted by risk
  • CVE-2021-28611MedAug 24, 2021
    risk 0.40cvss 6.1epss 0.02

    Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the…

  • CVE-2021-21080MedMar 12, 2021
    risk 0.40cvss 6.1epss 0.01

    Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to…

  • CVE-2021-21079MedMar 12, 2021
    risk 0.40cvss 6.1epss 0.01

    Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to…

  • CVE-2021-21068MedMar 12, 2021
    risk 0.40cvss 6.1epss 0.01

    Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.

  • CVE-2021-21055MedFeb 11, 2021
    risk 0.40cvss 6.2epss 0.01

    Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries…

  • CVE-2020-24443MedNov 12, 2020
    risk 0.40cvss 6.1epss 0.01

    Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's…

  • CVE-2020-24442MedNov 12, 2020
    risk 0.40cvss 6.1epss 0.01

    Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's…

  • CVE-2020-24416MedOct 20, 2020
    risk 0.40cvss 6.1epss 0.02

    Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s…

  • CVE-2020-24408MedOct 16, 2020
    risk 0.40cvss 6.1epss 0.02

    Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other…

  • CVE-2020-9745MedSep 18, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User…

  • CVE-2020-9744MedSep 18, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User…

  • CVE-2020-9739MedSep 18, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User…

  • CVE-2020-9726MedSep 10, 2020
    risk 0.40cvss 6.1epss 0.03

    Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User…

  • CVE-2020-9665MedJul 22, 2020
    risk 0.40cvss 6.1epss 0.01

    Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-9577MedJun 26, 2020
    risk 0.40cvss 6.1epss 0.01

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .

  • CVE-2020-9651MedJun 12, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

  • CVE-2020-9648MedJun 12, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

  • CVE-2020-9647MedJun 12, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

  • CVE-2020-3758MedJan 29, 2020
    risk 0.40cvss 6.1epss 0.02

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-3715MedJan 29, 2020
    risk 0.40cvss 6.1epss 0.02

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-16467MedJan 15, 2020
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-16466MedJan 15, 2020
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8156HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.

  • CVE-2019-8151HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling…

  • CVE-2019-8141HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization…

  • CVE-2019-8119HigNov 5, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The…

  • CVE-2019-8114HigNov 5, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration…

  • CVE-2019-8085MedOct 25, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8084MedOct 25, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8083MedOct 25, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8080MedOct 24, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2019-8079MedOct 24, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8078MedOct 24, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8089MedOct 22, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8160MedOct 17, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information…

  • CVE-2019-7942HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.

  • CVE-2019-7930HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially…

  • CVE-2019-7923HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.

  • CVE-2019-7913HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.

  • CVE-2019-7912HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in…

  • CVE-2019-7903HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.

  • CVE-2019-7896HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv…

  • CVE-2019-7895HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.

  • CVE-2019-7892HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.

  • CVE-2019-7955MedJul 18, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

  • CVE-2019-7954MedJul 18, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

  • CVE-2019-7129MedMay 29, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-7092MedMay 24, 2019
    risk 0.40cvss 6.1epss 0.02

    ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

  • CVE-2018-19727MedJan 28, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-19726MedJan 28, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Page 72 of 149